Nerval's Lobster writes "Now that he's finished dodging law enforcement and experimenting with chemicals, software designer John McAfee (founder of his eponymous antivirus company) has been building something that, if it actually works, could appeal to the paranoid: a device that blocks the government's ability to spy on PCs and mobile devices. The device, known as 'Dcentral,' will reportedly cost around $100 and fit into a pants pocket. In a speech at the San Jose McEnery Convention Center over the weekend, McAfee suggested that the hardware would create private device networks impenetrable to outsiders, even those with the most sophisticated technology. The network's range would be roughly three blocks; McAfee believes that he can have a prototype up and running within six months. Whether or not McAfee manages to get that prototype working on schedule, he's already ramping up to the release of something, having set up a 'Future Tense Central' Website with a countdown clock, a sleek logo, and a set of social-media buttons. McAfee is such an outsized figure ('I've always wandered close to the edge,' he once confessed to an audience) that it's sometimes tempting to take his latest claims with a moon-sized grain of salt—this is the same man, after all, who says he avoided a police manhunt in Belize by dressing up as a drunk German tourist. (And he's unafraid to parody his own Wild Man reputation online.) That aside, he's also an executive with a record of starting a financially successful company, which means that—no matter what else he's done in the intervening years—it's likely that he'll attract a little bit of attention, if not some funding, with his latest endeavor."
sholto writes "When Buzzfeed wrote about LinkedIn's stalker problem in June, LinkedIn claimed it had enough privacy tools "to effectively minimize unwanted connections". But a petition by a 24-year-old Ohio woman sexually assaulted by her boss and harassed through the network appears to have won the day for privacy advocates. LinkedIn said it was adding a blocking feature to protect members against stalkers. 'I can confirm that we’re in the process of building (a block feature),' responded Paul Rockwell, head of trust and safety at LinkedIn, to a post in LinkedIn’s help forum called 'Stalking on LinkedIn'. 'Users on Facebook, Twitter, Pinterest and other sites can easily block other users. LinkedIn appears to be an outlier among other top social media sites,' said petitioner Anna R."
An anonymous reader writes "CNN reports, 'Sheikh Saleh Al-Loheidan's widely derided remarks have gone viral ... 'If a woman drives a car,' Al-Loheidan told Saudi news website sabq.org, 'it could have a negative physiological impact. It would automatically affect a woman's ovaries and that it pushes the pelvis upward.' ... 'We find that for women who continuously drive cars, their children are born with varying degrees of clinical problems.' The controversial comments were widely interpreted throughout Saudi Arabia as an attempt to discourage women in the country from joining a popular online movement urging them to stage a demonstration by driving cars on October 26. 'This is his answer to the campaign,' Saudi women's rights activist Aziza Yousef told CNN. 'He's making a fool of himself. He shouldn't touch this field at all.' Al-Loheidan's words have been ridiculed mercilessly via social media. An Arabic Twitter hashtag called '#WomensDrivingAffectsOvariesAndPelvises' was quickly created to make fun of Al-Loheidan — underscoring just how widely the call for Saudi women to defy the driving ban has resonated thus far. And while numerous conservative voices have supported Al-Loheidan, many Saudis believe this was an extremely clumsy way of trying to counter the popularity of the October 26 campaign.'"
schwit1 writes "Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc. It is too soon to tell if a major shift is under way. But the Information Technology and Innovation Foundation estimates that fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business. A survey conducted this summer by the Cloud Security Alliance, an industry group, found that 56% of non-U.S. members said security concerns made it less likely that they would use U.S.-based cloud services. Ten percent said they had canceled a contract. Even some companies that seek to profit from fears about U.S. snooping acknowledge that law-enforcement agencies in other countries want to catch up with Washington's capabilities. 'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,' says Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations. 'At the end of the day, some agency will spy on you,' he says."
An anonymous reader writes "'Ratting someone out' just became much more literal. Dutch police are using trained rats to help keep the streets clean. 'Detective Derrick and his rat partners cost just £8 each and are capable of being trained to identify an impressive range of odors—including drugs and explosives—within ten to 15 days. In contrast, a police dog costs thousands of pounds and requires a minimum training period of eight months. The training procedure is straightforward: the rats are kept in a cage with four metal tea strainers attached inside, one of which contains gunpowder. When the rat recognizes the smell, it is rewarded with a "click" and a small treat. Eventually the rat will learn to move towards the smell instantly. In a demonstration it takes Derrick just two seconds to locate the offending odor.'"
mikejuk writes "We all do it — place our phones down on the desk next to the keyboard. This might not be such a good idea if you want to keep your work to yourself. A team of researchers from MIT and the Georgia Institute of Technology have provided proof of concept for logging keystrokes using nothing but the sensors inside a smartphone — an iPhone 4 to be precise, as the iPhone 3GS wasn't up to it. A pair of neural networks were trained to recognize which keys were being pressed just based on the vibration — and it was remarkably good at it for such a small device. There have been systems that read the keys by listening but this is the first system that can hide in mobile phone malware."
McGruber writes "The New York Times is reporting on yet another NSA revelation: for the last three years, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans' social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information. 'The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such "enrichment" data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.' In a memorandum, NSA analysts were 'told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification.' 'That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists. Analysts were warned to follow existing "minimization rules," which prohibit the NSA from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a "U.S. person" — a citizen or legal resident — for actual eavesdropping.'"
jrepin points out an article by Richard Stallman following up on the 30th anniversary of the start of his efforts on the GNU Project. RMS explains why he thinks we should continue to push for broader adoption of free software principles. He writes, "Much has changed since the beginning of the free software movement: Most people in advanced countries now own computers — sometimes called “phones” — and use the internet with them. Non-free software still makes the users surrender control over their computing to someone else, but now there is another way to lose it: Service as a Software Substitute, or SaaSS, which means letting someone else’s server do your own computing activities. Both non-free software and SaaSS can spy on the user, shackle the user, and even attack the user. Malware is common in services and proprietary software products because the users don’t have control over them. That’s the fundamental issue: while non-free software and SaaSS are controlled by some other entity (typically a corporation or a state), free software is controlled by its users. Why does this control matter? Because freedom means having control over your own life. ... Schools — and all educational activities — influence the future of society through what they teach. So schools should teach exclusively free software, to transmit democratic values and the habit of helping other people. (Not to mention it helps a future generation of programmers master the craft.) To teach use of a non-free program is to implant dependence on its owner, which contradicts the social mission of the school. Proprietary developers would have us punish students who are good enough at heart to share software or curious enough to want to change it."
dmfinn writes "It was back in 2011 when Stefano Ampollini and two accomplices cheated a French casino out of over €90,000 thanks to the help of Chinese-made infrared contact lenses. According to French authorities, Ampollini and two casino workers marked cards using an invisible liquid that would be picked up by the infrared lenses, which Ampollini then used to read his competitors' cards. Though the contacts themselves cost over €2,000, the crew managed to take €71,000 in their first night. However, the trio was finally caught when a lawyer working for the casino became suspicious after Ampollini folded with an unbelievably good hand, which suggested he knew the croupier's cards. This week, a French court sentenced Ampollini to two years in prison and a €100,000 fine. His main accomplice was handed an even harsher sentence; he was forced to pay the same fine and given a 36-month sentence. It appears, despite their best efforts and advanced tactics, that the men were still unable to beat the house without raising significant alarms. So, at least for now, it seems modern technology still can't simulate good old 'luck.'"
wabrandsma sends this story from New Scientist: "A sensor previously used for military operations can now be tuned to secretly locate and record any single conversation on a busy street. [A] Dutch acoustics firm, Microflown Technologies, has developed a matchstick-sized sensor that can pinpoint and record a target's conversations from a distance. Known as an acoustic vector sensor, Microflown's sensor measures the movement of air, disturbed by sound waves, to almost instantly locate where a sound originated. It can then identify the noise and, if required, transmit it live to waiting ears. Security technologist Bruce Schneier says this new capability is unwelcome – particularly given the recent claims about the NSA's success at tapping into our private lives. 'It's not just this one technology that's the problem,' Schneier says. 'It's the mic plus the drones, plus the signal processing, plus voice recognition.'"
chicksdaddy writes "Pay-as-you-drive programs are all the rage in the auto insurance industry. The (voluntary) programs, like Progressive Insurance's Snapshot, use onboard monitoring devices to track information like the speed of the automobile, sudden stops, distance traveled and so on. Safe and infrequent drivers might see their rates drop while customers who log thousands of miles behind the wheel and/or drive recklessly would see their insurance rates rise. GPS data isn't generally collected, and insurance companies promise customers that they're not tracking their movement. No matter. A study (PDF) by researchers at the University of Denver claims that the destination of a journey can be derived by combining knowledge of the trip's origin with the metrics collected by the 'pay-as-you-drive' device. The data points collected by these remote sensing devices are what the researchers call 'quasi-identifiers' – attributes that are 'non-identifying by themselves, but can be used to uniquely identify individuals when used in combination with other data.' In one example, researchers used a strategy they called 'stop-point matching,' to compare the pattern of vehicle stop points from a known origin with various route options. They found that in areas with irregular street layouts (i.e. 'not Manhattan'), the pattern will be more or less unique for any location. The study raises important data privacy questions for the (many) 'pay-as-you-drive' programs now being piloted, or offered to drivers – not to mention other programs that seek to match remote sensors and realtime monitoring with products and services."
Nerval's Lobster writes "In its second announcement of the kind, Microsoft revealed [Friday] that it received more than 37,000 requests for information on customers of its Skype, Azure and other services from law enforcement agencies around the world. The count does not include requests made using "National Security Letters" issued by the FBI or other U.S. federal agencies that have the force of a warrant or subpoena, albeit without the oversight or control provided by the courts that issue those sorts of orders. During the first six months of 2013, Microsoft received 37,196 requests that covered a total of 66,539 customer accounts. The company refused to provide any information in response to 21 percent of those requests. It provided "non-content data" in response to 77 percent of the requests – non-content data usually includes information such as names or basic subscriber information rather than information on the content of messages or other details describing online activity of those customers. In 2.19 percent of cases, however, Microsoft reports having provided "customer content data" – which includes the content of messages or data stored in accounts owned by Microsoft companies. Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."
An anonymous reader writes "In the process of standardizing the SHA-3 competition winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes."
Dawn Kawamoto writes "IBM reached a settlement with the Justice Department over allegations it posted discriminatory online job openings, allegedly stating a preference for H-1B and foreign student visa holders for its software and apps developer positions. The job openings were for IT positions that would eventually require the applicant to relocate overseas. IBM agreed to pay $44,400 in civil penalties to the U.S., as well as take certain actions in the way it hires within the U.S. The settlement, announced Friday, comes at a time when tech companies are calling for the U.S. to allow more H-1B workers into the country."
McGruber writes "Gigaom's Jeff John Roberts reports that Martha Stewart Living Omnimedia, Inc. (MSLO) has filed a lawsuit against Lodsys, a shell company that gained infamy two years ago by launching a wave of legal threats against small app makers, demanding they pay for using basic internet technology like in-app purchases or feedback surveys. In the complaint filed this week in federal court in Wisconsin, Martha Stewart Living Omnimedia asked a judge to declare that four magazine iPad apps are not infringing Lodsys' patents, and that the patents are invalid because the so-called inventions are not new. The complaint explained how Lodsys invited the company to 'take advantage of our program' by buying licenses at $5,000 apiece. It also calls the Wisconsin court's attention to Lodsys' involvement in more than 150 Texas lawsuits. In choosing to sue Lodsys and hopefully crush its patents, Martha Stewart is choosing a far more expensive option than simply paying Lodsys to go away."
AHuxley writes "With the U.S. trying to understand the domestic role of their foreign intelligence and counterintelligence services in 2013, what can a declassified look back into the 1960s and 1970s add to the ongoing legal debate? Welcome to the world of Interagency Security Classification Appeals Panel and the work done by the National Security Archive at George Washington University. Read how prominent anti-war critics and U.S. senators were tracked, and who was on the late-1960s NSA watch list, from Rev. Martin Luther King to civil rights leader Whitney Young, boxer Muhammad Ali, Tom Wicker, the Washington bureau chief and Washington Post columnist Art Buchwald, and Sen. Howard Baker (R-Tenn.). The NSA was aware of the legality of its work and removed all logos or classification markings, using the term 'For Background Use Only.' Even back then, NSA director at the time, Lew Allen, noted: "appeared to be a possible violation of constitutional guarantees" (from page 86 of this PDF). What did the NSA think about signals intelligence sites in your country? See if your country makes the 'indefinite' list on page 392."
Lasrick writes "Motherboard's Africa correspondent, Amanda Sperber, has a great piece on how protesters in Sudan are getting around the government's shutdown of the internet. Quoting: 'Since Wednesday afternoon, Sudan's internet has been sporadically shut off amid a fifth day of protests against President Omar al Bashir's regime. Despite the attempt to cut off communications and limit organization and reporting on the ground, a group of tech-savvy people based in Khartoum have developed a map for recording key data about the protests that's powered by cell networks.'"
bednarz writes "In four days, the health insurance marketplaces mandated by the Obama administration's Affordable Care Act are scheduled to open for business. Yet even before the sites launch, problems are emerging. Final security testing of the federal data hub isn't slated to happen until Sept. 30, one day before the rollout. Lawmakers have raised significant concerns about the ability of the system to protect personal health records and other private information. 'Lots and lots of late nights and weekends as people get ready for go-live,' says Patrick Howard, who leads Deloitte Consulting's public sector state health care practice."
Hugh Pickens DOT Com writes "CNN reports that Jared James Abrahams, a 19-year-old computer science student, has been arrested for allegedly hijacking the webcams of young women — among them reigning Miss Teen USA Cassidy Wolf — taking nude images, then blackmailing his victims to send him more explicit material or else be exposed. Abrahams admitted he had 30 to 40 'slave computers' — or other people's electronic devices he controlled — and has had as many as 150 total. His arrest came six months after a teenager identified in court documents as C.W. alerted authorities. She has since publicly identified herself as Cassidy Wolf, the recently crowned Miss Teen USA. Wolf received messages featuring pictures of her at her Riverside County address and others apparently taken months earlier when she lived in Orange County, says the criminal complaint (PDF). The message explained 'what's going to happen' if Wolf didn't send pictures or videos or 'do what I tell you to do' in a five-minute Skype videoconference, according to the criminal complaint. 'Either you do one of the things listed below or I upload these pics and a lot more (I have a LOT more and those are better quality) on all your accounts for everybody to see and your dream of being a model will be transformed into a pornstar (sic),' wrote Abrahams. FBI agents raided Abrahams' Temecula home in June and seized computers and hardware, cellphones and hacking software, court records show. Outside the court, Abrahams' lawyer, Alan Eisner, said that his client's family feels 'profound regret and remorse' over what happened. Eisner told CNN affiliate KTLA that Abrahams is autistic. 'The family wants to apologize for the consequences of his behavior to the families who were affected.'"