mikejuk writes "We all do it — place our phones down on the desk next to the keyboard. This might not be such a good idea if you want to keep your work to yourself. A team of researchers from MIT and the Georgia Institute of Technology have provided proof of concept for logging keystrokes using nothing but the sensors inside a smartphone — an iPhone 4 to be precise, as the iPhone 3GS wasn't up to it. A pair of neural networks were trained to recognize which keys were being pressed just based on the vibration — and it was remarkably good at it for such a small device. There have been systems that read the keys by listening but this is the first system that can hide in mobile phone malware."
McGruber writes "The New York Times is reporting on yet another NSA revelation: for the last three years, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans' social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information. 'The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such "enrichment" data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.' In a memorandum, NSA analysts were 'told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification.' 'That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists. Analysts were warned to follow existing "minimization rules," which prohibit the NSA from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a "U.S. person" — a citizen or legal resident — for actual eavesdropping.'"
jrepin points out an article by Richard Stallman following up on the 30th anniversary of the start of his efforts on the GNU Project. RMS explains why he thinks we should continue to push for broader adoption of free software principles. He writes, "Much has changed since the beginning of the free software movement: Most people in advanced countries now own computers — sometimes called “phones” — and use the internet with them. Non-free software still makes the users surrender control over their computing to someone else, but now there is another way to lose it: Service as a Software Substitute, or SaaSS, which means letting someone else’s server do your own computing activities. Both non-free software and SaaSS can spy on the user, shackle the user, and even attack the user. Malware is common in services and proprietary software products because the users don’t have control over them. That’s the fundamental issue: while non-free software and SaaSS are controlled by some other entity (typically a corporation or a state), free software is controlled by its users. Why does this control matter? Because freedom means having control over your own life. ... Schools — and all educational activities — influence the future of society through what they teach. So schools should teach exclusively free software, to transmit democratic values and the habit of helping other people. (Not to mention it helps a future generation of programmers master the craft.) To teach use of a non-free program is to implant dependence on its owner, which contradicts the social mission of the school. Proprietary developers would have us punish students who are good enough at heart to share software or curious enough to want to change it."
dmfinn writes "It was back in 2011 when Stefano Ampollini and two accomplices cheated a French casino out of over €90,000 thanks to the help of Chinese-made infrared contact lenses. According to French authorities, Ampollini and two casino workers marked cards using an invisible liquid that would be picked up by the infrared lenses, which Ampollini then used to read his competitors' cards. Though the contacts themselves cost over €2,000, the crew managed to take €71,000 in their first night. However, the trio was finally caught when a lawyer working for the casino became suspicious after Ampollini folded with an unbelievably good hand, which suggested he knew the croupier's cards. This week, a French court sentenced Ampollini to two years in prison and a €100,000 fine. His main accomplice was handed an even harsher sentence; he was forced to pay the same fine and given a 36-month sentence. It appears, despite their best efforts and advanced tactics, that the men were still unable to beat the house without raising significant alarms. So, at least for now, it seems modern technology still can't simulate good old 'luck.'"
wabrandsma sends this story from New Scientist: "A sensor previously used for military operations can now be tuned to secretly locate and record any single conversation on a busy street. [A] Dutch acoustics firm, Microflown Technologies, has developed a matchstick-sized sensor that can pinpoint and record a target's conversations from a distance. Known as an acoustic vector sensor, Microflown's sensor measures the movement of air, disturbed by sound waves, to almost instantly locate where a sound originated. It can then identify the noise and, if required, transmit it live to waiting ears. Security technologist Bruce Schneier says this new capability is unwelcome – particularly given the recent claims about the NSA's success at tapping into our private lives. 'It's not just this one technology that's the problem,' Schneier says. 'It's the mic plus the drones, plus the signal processing, plus voice recognition.'"
chicksdaddy writes "Pay-as-you-drive programs are all the rage in the auto insurance industry. The (voluntary) programs, like Progressive Insurance's Snapshot, use onboard monitoring devices to track information like the speed of the automobile, sudden stops, distance traveled and so on. Safe and infrequent drivers might see their rates drop while customers who log thousands of miles behind the wheel and/or drive recklessly would see their insurance rates rise. GPS data isn't generally collected, and insurance companies promise customers that they're not tracking their movement. No matter. A study (PDF) by researchers at the University of Denver claims that the destination of a journey can be derived by combining knowledge of the trip's origin with the metrics collected by the 'pay-as-you-drive' device. The data points collected by these remote sensing devices are what the researchers call 'quasi-identifiers' – attributes that are 'non-identifying by themselves, but can be used to uniquely identify individuals when used in combination with other data.' In one example, researchers used a strategy they called 'stop-point matching' to compare the pattern of vehicle stop points from a known origin with various route options. They found that in areas with irregular street layouts (i.e. 'not Manhattan'), the pattern will be more or less unique for any location. The study raises important data privacy questions for the (many) 'pay-as-you-drive' programs now being piloted, or offered to drivers – not to mention other programs that seek to match remote sensors and realtime monitoring with products and services."
Nerval's Lobster writes "In its second announcement of the kind, Microsoft revealed [Friday] that it received more than 37,000 requests for information on customers of its Skype, Azure and other services from law enforcement agencies around the world. The count does not include requests made using "National Security Letters" issued by the FBI or other U.S. federal agencies that have the force of a warrant or subpoena, albeit without the oversight or control provided by the courts that issue those sorts of orders. During the first six months of 2013, Microsoft received 37,196 requests that covered a total of 66,539 customer accounts. The company refused to provide any information in response to 21 percent of those requests. It provided "non-content data" in response to 77 percent of the requests – non-content data usually includes information such as names or basic subscriber information rather than information on the content of messages or other details describing online activity of those customers. In 2.19 percent of cases, however, Microsoft reports having provided "customer content data" – which includes the content of messages or data stored in accounts owned by Microsoft companies. Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."
An anonymous reader writes "In the process of standardizing the SHA-3 competition winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes."
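To make the "internal strength" argument in the post concrete, here is an added example (not code from the Slashdot post, NIST or the Keccak team): a minimal Keccak sponge in Python whose capacity parameter can be set freely, plus the generic security bound that follows from it. The assumptions are that the original SHA-3 submission used a capacity of c = 2n for an n-bit output (c = 512 for a 256-bit digest) while the proposed 128- and 256-bit modes correspond to a flat c = 256 and c = 512, and that a sponge's generic strength is bounded by c/2 regardless of output length. The function names are this example's own; Python's `hashlib.sha3_256`, which in the standard as finally published uses c = 512, serves as a cross-check that the permutation and padding are right.

```python
# Added example: a small Keccak sponge showing what "capacity" is and why
# shrinking it lowers generic security. Not from the post or from NIST/Keccak.
import hashlib

MASK64 = (1 << 64) - 1

# Keccak-f[1600] round constants and rho rotation offsets (Keccak reference).
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def rol64(v, n):
    """Rotate a 64-bit lane left by n bits."""
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64


def keccak_f(a):
    """Keccak-f[1600]: 24 rounds over a 5x5 array of 64-bit lanes a[x][y]."""
    for rnd in range(24):
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]            # theta
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = rol64(a[x][y], ROT[x][y])        # rho + pi
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y])
              for y in range(5)] for x in range(5)]                          # chi
        a[0][0] ^= RC[rnd]                                                   # iota
    return a


def keccak_sponge(msg, capacity_bits, out_len, suffix=0x06):
    """Absorb msg into a 1600-bit state with the given capacity, squeeze out_len bytes.

    suffix 0x06 is the SHA-3 domain-separation byte; 0x01 gives original Keccak.
    Only the 'rate' part of the state ever touches input or output; the
    'capacity' part stays hidden, which is what the c/2 generic bound rests on.
    """
    rate = (1600 - capacity_bits) // 8                 # bytes exposed per block
    padded = bytearray(msg) + bytes([suffix])          # pad10*1 with domain suffix
    padded += bytes((-len(padded)) % rate)
    padded[-1] |= 0x80
    state = [[0] * 5 for _ in range(5)]
    for off in range(0, len(padded), rate):            # absorb
        for i in range(rate // 8):
            lane = int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
            state[i % 5][i // 5] ^= lane
        state = keccak_f(state)
    out = bytearray()
    while True:                                        # squeeze
        for i in range(rate // 8):
            out += state[i % 5][i // 5].to_bytes(8, "little")
        if len(out) >= out_len:
            return bytes(out[:out_len])
        state = keccak_f(state)


def generic_security(capacity_bits, out_bits):
    """Generic (attack-independent) strength in bits: the capacity caps everything
    at c/2, the output length caps collisions at n/2 and preimages at n."""
    return {"collision": min(out_bits // 2, capacity_bits // 2),
            "preimage": min(out_bits, capacity_bits // 2)}


def matches_stdlib(msg):
    """True when the c=512, SHA-3-suffixed sponge reproduces hashlib.sha3_256."""
    return keccak_sponge(msg, 512, 32) == hashlib.sha3_256(msg).digest()


if __name__ == "__main__":
    print("self-check vs hashlib:", matches_stdlib(b"abc"))
    # Same 256-bit output, two capacities: the submission's c = 2n versus the
    # flat c = 256 of the proposed 128-bit mode.
    for c in (512, 256):
        print(f"c={c}: digest={keccak_sponge(b'abc', c, 32).hex()[:16]}... "
              f"security={generic_security(c, 256)}")
```

Running it shows the point of the tweet quoted above: with a 256-bit digest, c = 512 leaves preimage resistance at 256 bits, while c = 256 trades that down to 128 bits in exchange for a larger rate (faster hashing). The digests themselves also differ, since the rate determines how the message is laid into the state.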
Dawn Kawamoto writes "IBM reached a settlement with the Justice Department over allegations it posted discriminatory online job openings, allegedly stating a preference for H-1B and foreign student visa holders for its software and apps developer positions. The job openings were for IT positions that would eventually require the applicant to relocate overseas. IBM agreed to pay $44,400 in civil penalties to the U.S., as well as take certain actions in the way it hires within the U.S. The settlement, announced Friday, comes at a time when tech companies are calling for the U.S. to allow more H-1B workers into the country."
McGruber writes "Gigaom's Jeff John Roberts reports that Martha Stewart Living Omnimedia, Inc. (MSLO) has filed a lawsuit against Lodsys, a shell company that gained infamy two years ago by launching a wave of legal threats against small app makers, demanding they pay for using basic internet technology like in-app purchases or feedback surveys. In the complaint filed this week in federal court in Wisconsin, Martha Stewart Living Omnimedia asked a judge to declare that four magazine iPad apps are not infringing Lodsys' patents, and that the patents are invalid because the so-called inventions are not new. The complaint explained how Lodsys invited the company to 'take advantage of our program' by buying licenses at $5,000 apiece. It also calls the Wisconsin court's attention to Lodsys' involvement in more than 150 Texas lawsuits. In choosing to sue Lodsys and hopefully crush its patents, Martha Stewart is choosing a far more expensive option than simply paying Lodsys to go away."
AHuxley writes "With the U.S. trying to understand the domestic role of their foreign intelligence and counterintelligence services in 2013, what can a declassified look back into the 1960s and 1970s add to the ongoing legal debate? Welcome to the world of Interagency Security Classification Appeals Panel and the work done by the National Security Archive at George Washington University. Read how prominent anti-war critics and U.S. senators were tracked, and who was on the late-1960s NSA watch list, from Rev. Martin Luther King to civil rights leader Whitney Young, boxer Muhammad Ali, Tom Wicker, the Washington bureau chief and Washington Post columnist Art Buchwald, and Sen. Howard Baker (R-Tenn.). The NSA was aware of the legality of its work and removed all logos or classification markings, using the term 'For Background Use Only.' Even back then, NSA director at the time, Lew Allen noted: "appeared to be a possible violation of constitutional guarantees" (from page 86 of this PDF). What did the NSA think about signals intelligence sites in your country? See if your country makes the 'indefinite' list on page 392."
Lasrick writes "Motherboard's Africa correspondent, Amanda Sperber, has a great piece on how protesters in Sudan are getting around the government's shutdown of the internet. Quoting: 'Since Wednesday afternoon, Sudan's internet has been sporadically shut off amid a fifth day of protests against President Omar al Bashir's regime. Despite the attempt to cut off communications and limit organization and reporting on the ground, a group of tech-savvy people based in Khartoum have developed a map for recording key data about the protests that's powered by cell networks.'"
bednarz writes "In four days, the health insurance marketplaces mandated by the Obama administration's Affordable Care Act are scheduled to open for business. Yet even before the sites launch, problems are emerging. Final security testing of the federal data hub isn't slated to happen until Sept. 30, one day before the rollout. Lawmakers have raised significant concerns about the ability of the system to protect personal health records and other private information. 'Lots and lots of late nights and weekends as people get ready for go-live,' says Patrick Howard, who leads Deloitte Consulting's public sector state health care practice."
Hugh Pickens DOT Com writes "CNN reports that Jared James Abrahams, a 19-year-old computer science student, has been arrested for allegedly hijacking the webcams of young women — among them reigning Miss Teen USA Cassidy Wolf — taking nude images, then blackmailing his victims to send him more explicit material or else be exposed. Abrahams admitted he had 30 to 40 'slave computers' — or other people's electronic devices he controlled — and has had as many as 150 total. His arrest came six months after a teenager identified in court documents as C.W. alerted authorities. She has since publicly identified herself as Cassidy Wolf, the recently crowned Miss Teen USA. Wolf received messages featuring pictures of her at her Riverside County address and others apparently taken months earlier when she lived in Orange County, says the criminal complaint (PDF). The message explained 'what's going to happen' if Wolf didn't send pictures or videos or 'do what I tell you to do' in a five-minute Skype videoconference, according to the criminal complaint. 'Either you do one of the things listed below or I upload these pics and a lot more (I have a LOT more and those are better quality) on all your accounts for everybody to see and your dream of being a model will be transformed into a pornstar (sic),' wrote Abrahams. FBI agents raided Abrahams' Temecula home in June and seized computers and hardware, cellphones and hacking software, court records show. Outside the court, Abrahams' lawyer, Alan Eisner, said that his client's family feels 'profound regret and remorse' over what happened. Eisner told CNN affiliate KTLA that Abrahams is autistic. 'The family wants to apologize for the consequences of his behavior to the families who were affected.'"
cold fjord writes "The New York times reports that the Chairman of the Senate Intelligence Committee, Senator Dianne Feinstein (D-CA), and Vice Chairman, Senator Saxby Chambliss (R-GA), are moving a bill forward that would 'change but preserve' the controversial NSA phone log program. Senator Feinstein believes the program is legal, but wants to improve public confidence. The bill would reduce the time the logs could be kept, require public reports on how often it is used, and require FISA court review of the numbers searched. The bill would require Senate confirmation of the NSA director. It would also give the NSA a one week grace period in applying for permission from a court to continue surveillance of someone that travels from overseas to the United States. The situation created by someone traveling from overseas to the United States has been the source of the largest number of incidents in the US in which NSA's surveillance rules were not properly complied with. The rival bill offered by Senators Wyden (D-OR) and Udall (D-CO) which imposes tougher restrictions is considered less likely to pass."
Zothecula writes "Earlier this year, we heard about a gun and a fogging system, both of which tag criminals with synthesized DNA. The idea is that when those people are apprehended later, they can be linked to the crime by analyzing the location- or event-specific DNA still on their skin or clothing. Now, scientists at the Technology Transfer Unit of Portugal's University of Aveiro are developing something similar – 'DNA barcodes' that can be applied to products, then subsequently read as a means of identification."
PCWorld reports that "[A] U.S. surveillance court has given the National Security Agency no limit on the number of U.S. telephone records it collects in the name of fighting terrorism, the NSA director said Thursday. The NSA intends to collect all U.S. telephone records and put them in a searchable 'lock box' in the interest of national security, General Keith Alexander, the NSA's director, told U.S. senators." But don't worry; it's just metadata, until it isn't. (Your row in the NSA database may already be getting cozy in its nice new home in Utah.)
An anonymous reader writes "Today the Federal Patent Court of Germany shot down an Apple photo gallery bounce-back patent over which Cupertino was/is suing Samsung and Motorola. A panel of five judges found the patent invalid because the relevant patent application was filed only in June 2007 but Steve Jobs already demoed the feature in January 2007 (video). While this wouldn't matter in the U.S., it's a reason for a patent to be invalidated in Europe. For different reasons someone thought the iPhone presentation was a mistake. It now turns out that when Steve Jobs said "Boy have we patented it!" his company forgot that public disclosure, even by an inventor, must not take place before a European patent application is filed. But Apple can still sue companies over the Android photo gallery: in addition to this patent it owns a utility model, a special German intellectual property right that has a shorter term (10 years) and a six-month grace period, which is just enough to make sure that history-making Steve Jobs video won't count as prior art."
mystikkman writes "In what is a serious bug, GMail Chat/GTalk/Google Hangouts is sending messages to unintended recipients. ZDNet has confirmed first-hand that the glitch is present within Google Apps for Business accounts, including those that have not yet switched over to Google's new Hangouts platform. Messages appear to be visible on the mobile version of Hangouts. There are multiple reports of this issue."