mask.of.sanity writes Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
v3rgEz (125380) writes A month before Comcast's announcement of a $45B takeover of rival Time-Warner, Comcast's top lobbyist invited the US government's top antitrust regulators to share the company's VIP box at the Sochi Olympics. A Freedom of Information Act request from Muckrock reveals that the regulators reluctantly declined, saying "it sounds like so much fun" but the pesky "rules folks" would frown on it, instead suggesting a more private dinner later.
realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."
New submitter DaveSmith1982 writes with word from PV Tech that A property tax exemption for solar power systems in California has been extended to 2025, following the passing of a bill as part of the annual state budget. Senate Bill 871 (SB871) was approved during the signing of the budget by governor Jerry Brown, which took place last week. The wording of SB871 extends the period during which property taxes will not be applied to "active solar energy systems," which includes PV and solar water heaters.
New submitter marxmarv writes If you search the web for communications security information, or read online tech publications like Linux Journal or BoingBoing, you might be a terrorist. The German publication Das Erste disclosed a crumb of alleged XKeyScore configuration, with the vague suggestion of more source code to come, showing that Tor directory servers and their users, and as usual the interested and their neighbor's dogs due to overcapture, were flagged for closer monitoring. Linux Journal, whose domain is part of a listed selector, has a few choice words on their coveted award. Would it be irresponsible not to speculate further?
New submitter thittesd0375 (1111917) writes New rules adopted by the FCC will greatly limit the amount of bandwidth available in the unlicensed U-NII band used to deliver internet to rural areas. The filters required to comply with the new rules would shrink the available frequencies from 125MHz to only 45MHz. Petitions to reconsider this ruling can be submitted here and previous petitions can be found here.
An anonymous reader writes with this excerpt from TechDirt: Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated § 12 of the Austrian penal code, which effectively says: "Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action." In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.
tobiasly (524456) writes I run a few websites which are occasionally the target of bogus DMCA takedown requests. Even a cursory look at these requests would reveal that the content these requests try to have removed are not even eligible for copyright (for example, someone named "John Smith" decides he wants to have every instance of his name removed from the internet, so he claims he has a copyright on "John Smith", and the comment section of my website has that name somewhere.) I'm guessing most webmasters of sites with significant traffic face this problem, but I'm having difficulty finding information on domain registrars' and hosting providers' DMCA response policies. Most seem to over-react and require an official counter-response. I'm worried I'll miss one of these someday and find that my entire domain was suspended as a result. Both my domain registrar and hosting provider have forwarded these notices in the past. I'm also worried that they're forwarding my response (including personal details) to the original complainant. Which domain registrars and hosting providers have you found who handle these complaints in a reasonable manner, and filter out the ones that are obviously bogus? Which ones have a clearly stated policy regarding these requests, and respect the site owner's privacy? Some of these domains are .us TLD, which unfortunately will limit my choice to U.S.-based companies.
AthanasiusKircher (1333179) writes The story is classic: Boy meets Girl. Boy likes Girl. Boy goes on the internet and writes about his fantasies that involve killing and eating Girl. Boy goes to jail. In this case, the man in question, NYC police officer Gilberto Valle, didn't act on his fantasies — he just shared them in a like-minded internet forum. Yesterday, Valle was released from jail after a judge overturned his conviction on appeal. U.S. District Judge Paul Gardephe wrote that Valle was "guilty of nothing more than very unconventional thoughts... We don't put people in jail for their thoughts. We are not the thought police and the court system is not the deputy of the thought police." The judge concluded that there was insufficient evidence, since "this is a conspiracy that existed solely in cyberspace" and "no reasonable juror could have found that Valle actually intended to kidnap a woman... the point of the chats was mutual fantasizing about committing acts of sexual violence on certain women." (A New York magazine article covered the details of the case and the implications of the original conviction earlier this year.)
rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs' system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."
Graculus (3653645) writes Budgetmakers in the U.S. Senate have moved to halt U.S. participation in ITER, the huge international fusion experiment now under construction in Cadarache, France, that aims to demonstrate that nuclear fusion could be a viable source of energy. Although the details are not available, Senate sources confirm a report by Physics Today that the Senate's version of the budget for the Department of Energy (DOE) for fiscal year 2015, which begins 1 October, would provide just $75 million for the United States' part of the project. That would be half of what the White House had requested and just enough to wind down U.S. involvement in ITER. According to this story from April, the U.S. share of the ITER budget has jumped to "$3.9 billion — roughly four times as much as originally estimated." (That's a pretty big chunk; compare it, say, to NASA's entire annual budget.)
wiredmikey writes Researchers with RSA have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion. A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account — whether a company or an individual — can issue a Boleto associated with their bank. "The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to the report (PDF). "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts."
An anonymous reader writes There's an independent agency within the U.S. government called the Privacy and Civil Liberties Oversight Board. Their job is to weigh the benefits of government actions — like stopping terrorist threats — against violations of citizens' rights that may result from those actions. As you might expect, the NSA scandal landed squarely in their laps, and they've compiled a report evaluating the surveillance methods. As the cynical among you might also expect, the Oversight Board gave the NSA a pass, saying that while their methods were "close to the line of constitutional reasonableness," they were used for good reason. In the completely non-binding 191-page report (PDF), they said, "With regard to the NSA's acquisition of 'about' communications [metadata], the Board concludes that the practice is largely an inevitable byproduct of the government's efforts to comprehensively acquire communications that are sent to or from its targets. Because of the manner in which the NSA conducts upstream collection, and the limits of its current technology, the NSA cannot completely eliminate 'about' communications from its collection without also eliminating a significant portion of the 'to/from' communications that it seeks."
the simurgh writes: As many who follow the Kim Dotcom saga know, New Zealand police seized his encrypted computer drives in 2012, copies of which were illegally passed to the FBI. Fast-forward to 2014: Dotcom wants access to the seized but encrypted content. A New Zealand judge has now ruled that even if the Megaupload founder supplies the passwords, the encryption keys cannot be forwarded to the FBI.
vortex2.71 (802986) writes Amazon is suing a former employee of its cloud services division after he took a similar position at Google. The interesting aspect of the lawsuit is that Google is choosing to vigorously defend the lawsuit, so this is a case of Goliath vs. Goliath rather than David vs. Goliath. According to court documents, Zoltan Szabadi left a business-development position at Amazon Web Services for Google's Cloud Platform division. Szabadi's lawyer responded by contending that, while Szabadi did sign a non-compete agreement, he would only use his general knowledge and skills at Google and would not use any confidential information he had access to at Amazon. He also believes Amazon's confidentiality and non-compete agreements are an unlawful business practice.
mrspoonsi (2955715) writes with this excerpt from the BBC: ISPs from the U.S., UK, Netherlands, and South Korea have joined forces with campaigners Privacy International to take GCHQ to task over alleged attacks on network infrastructure. It is the first time that GCHQ has faced such action. The ISPs claim that alleged network attacks, outlined in a series of articles in Der Spiegel and the Intercept, were illegal and "undermine the goodwill the organizations rely on." The complaint (PDF).
MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.
jones_supa writes: Russia's legislature, often accused of metaphorically turning back the clock, has decided to do it literally – abandoning the policy of keeping the country on daylight-saving time all year. The 2011 move to impose permanent "summer time" in 2011 was one of the most memorable and least popular initiatives of Dmitry Medvedev's presidency. It forced tens of millions to travel to their jobs in pitch darkness during the winter. In the depths of December, the sun doesn't clear the horizon in Moscow until 10am. The State Duma, the lower house of parliament, voted 442-1 on Tuesday to return to standard time this autumn and stay there all year. The article also discusses a ban on swearing in books, plays, and films that went into effect today in Russia.
An anonymous reader writes: If you're involved in the free and open-source software movement — especially in the United States — you may want to read through this, as long as it may seem. It appears that the United States' Internal Revenue Service has strongly shifted its views of free and open-source software, and to the detriment of the movement, in my opinion. From the article: "The IRS reasons that since Yorba’s open source software may be used for any purpose, Yorba is not a charity. Consider all the for-profit and non-charitable ways the Apache server is used; I’d still argue Apache is a charitable organization. (What else could it be?) There’s a charitable organization here in San Francisco that plants trees throughout the city for the benefit of all. If one of their tree’s shade falls on a cafe table and cools the cafe’s patrons as they enjoy their espressos, does that mean the tree-planting organization is no longer a charity?"
McGruber (1417641) writes "In June 2013, Atlanta police arrested costumed street performer "Baton Bob" during the middle of a street performance after Baton Bob was allegedly involved in a verbal altercation with mall security guards. Now, a year later, Baton Bob has filed a federal lawsuit accusing Atlanta police of violating his constitutional rights, assault, discrimination, privacy violations and identity theft. Atlanta Police allegedly forced Baton Bob to make a pro-police statement on his Facebook page before officers would allow Bob to be released on bond. According to the lawsuit: "At approximately 3:40 p.m., while Plaintiff sat handcuffed and without an attorney, he was told to dictate a public statement to Officer Davis, who then typed and posted the message to the Baton Bob Facebook account. The message read: 'First of all, the atl police officer that responded to the incident thru security has been very respectful and gracious to me even in handcuffs. So, the situation escalated from a complaint from a security officer in the area and for some reason she rolled up on me like she didn't know who I was and like I had not been there before. For them to call police to come to intervene was not necessary. So, out of it, because of my fury, the Atlanta police officer did not understand the elements of the situation, so he was trying to do his job, respectfully and arrested my ass!!!!!!!!! I'll be out tomorrow so look out for my show at 14th and Peachtree. So now I'm waiting to be transported so I can sign my own bond and get the hell out of here. I want to verify, that the Atlanta police was respectful to me considering the circumstances. See you when I see you!!!!!!!!!!!!!!' As promised, Plaintiff was then given a signature bond and released from jail."