nonprofiteer writes "What has been left out of the CISPA debate thus far is the FBI's long time workaround for information sharing with private industry: 'In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that "functions as a conduit between private industry and law enforcement." Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA's office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.'"
nbauman writes "WW2 veteran 'Big Hy' Strachman, 92, pirated 300,000 DVD movies and sent them to soldiers in Afghanistan and Iraq, where they were widely distributed and deeply appreciated. Soldiers would gather around personal computers for movie nights, with mortars blasting in the background. 'It's reconnecting to everything you miss,' said one. Strachman received American flags, appreciative letters, and snapshots of soldiers holding up their DVDs. He spent about $30,000 of his own money. Strachman retired from his family's window and shade business in Manhattan in the 1990s. After his wife Harriet died in 2003, he spent sleepless nights on the Internet, and saw that soldiers were consistently asking for movie DVDs. He bought bootlegged disks for $5 in Penn Station, and then found a dealer at his local barbershop. He bought a $400 duplicator that made 7 copies at once, and mailed them 84 at a time, to Army Chaplains. The MPAA said they weren't aware of his operation. The studios send reel-to-reel films to the troops."
MrSeb writes "According to reports from various industry sources, the Chinese government has begun the process of picking a national computer chip instruction set architecture (ISA). This ISA would have to be used for any projects backed with government money — which, in a communist country such as China, is a fairly long list of public and private enterprises and institutions, including China Mobile, the largest wireless carrier in the world. The primary reason for this move is to lessen China's reliance on western intellectual property. There are at least five existing ISAs on the table for consideration — MIPS, Alpha, ARM, Power, and the homegrown UPU — but the Chinese leadership has also mooted the idea of defining an entirely new architecture. What if China goes the DIY route and makes its own ISA or microarchitecture with silicon-level censorship and monitoring, or an always-open backdoor for the Chinese intelligence agencies?"
suraj.sun writes "Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account last Friday. The company was notified of the flaw by researchers at Vulnerability Lab on April 20th and responded with a fix within hours — but not until after widespread attacks, with the bug apparently spreading 'like wild fire' in the hacking community. Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password — a link with the token is sent to an account linked to the Hotmail account — and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account. Initially hackers were offering to crack accounts for $20 a throw. However, the technique became publicly known and started to spread rapidly with Web and YouTube tutorials showing the technique popping up across the Arabic-speaking Internet."
judgecorp writes "The UK government's consultation about the use of open source in public sector IT has been sent back to square one, with discussion results scrapped because the facilitator, Andy Hopkirk, is involved with Microsoft. Hopkirk is well regarded, but the open source community feels the debate dismissed RF (royalty free) standards in favor of the FRAND definition, which is more favorable to proprietary vendors."
judgecorp writes "Although ISPs' protests failed to stop Britain's Digital Economy Act — which applies measures against illegal file sharing — they have succeeded in delaying it till 2014. As a result of the appeal, a new impact assessment has to be carried out and secondary legislation needs to be approved."
MrSeb writes "When we think of computer networks, we think of routers and servers and fiber optic cables and laptops and smartphones — we think of the internet. In actuality, though, the visible internet is just the tip of the iceberg. There are secret military networks, and ad hoc wireless networks, and utility companies have sprawling, cellular networks that track everything from the health of oil pipelines and uranium enrichment machines through to the remaining capacity of septic tanks — and much, much more. What if we connected all of these networks to the internet, to form an internet of things? What if we then put a massive computer at the middle of this internet of things and used this wealth of data to power smart cars, smart homes, smart supermarkets, and smart cities? Unsurprisingly, IBM and Cisco are already working on such smart cities. For nearly two years, Rio de Janeiro's utilities, traffic systems, and emergency services have been managed by a single 'Ops Center,' a huge hub of technologies provided by both IBM and Cisco. With 300 LCD screens spread across 100 rooms, connected via 30,000 meters of fiber optic cable, Ops Center staff monitor live video from 450 cameras and three helicopters, and track the location of 10,000 buses and ambulances via GPS. Other screens output the current weather, and simulations of tomorrow's weather up to 150 miles from the city — and yet more screens display heatmaps of disease outbreaks, and the probability of natural disasters like landslides. There's even a Crisis Room, which links the Ops Center to Rio's mayor and Civil Defense departments via a Cisco telepresence suite. This sounds awesome — but is it really a good idea to give a computer company (IBM is not an urban planner!) so much control over one of the world's biggest cities?"
wiedzmin writes "The House approved the Cyber Intelligence Sharing and Protection Act with a 248 to 168 vote today. CISPA allows internet service providers to share Internet 'threat' information with government agencies, including DHS and NSA, without having to protect any personally identifying data of its customers, without a court order. It effectively immunizes ISPs from privacy lawsuits for disclosing customer information, grants them anti-trust protection on colluding on cybersecurity issues and allows them to bypass privacy laws when sharing data with each other."
Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. 'Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered,' Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PCs, laptops and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."
redletterdave writes "On Thursday, researchers at MIT announced a breakthrough in glass-making technology, which basically involves a new way to create surface textures on glass to eliminate all of the drawbacks of glass, including unwanted reflections and glare. The research team wanted to build glass that could be adaptable to any environment: Their 'multifunctional' glass is not only crystal clear, but it also causes water droplets to bounce right off its surface, 'like tiny rubber balls.' The glass is self-cleaning, anti-reflective, and superhydrophobic. The invention has countless applications, including TV screens, as well as smartphone and tablet displays that benefit from the self-cleaning ability of the glass by resisting moisture and contamination by sweat."
First time accepted submitter ian_po writes "The U.S. Attorney's office has filed indictments against 7 people, including two Transportation Security Administration Screeners and two former TSA employees, after federal agents set up several smuggling sting operations. The alleged smuggling scheme was revealed after a suspected drug courier went to Terminal 5, where his flight was departing, instead of going through the Terminal 6 checkpoint his written instructions directed him to. Court documents indicate the plan was to return to Terminal 5 through a secure tunnel after being allowed through security by the accused Screener. The courier was caught with 10 pounds of cocaine at the other checkpoint by a different TSA agent. If convicted, the four TSA employees face a minimum of 10 years in Federal prison." If ten pounds of anything can get onto a plane by the simple expedient of bribery, please explain again why adult travelers, but not children, must remove their shoes as they stand massed in an unsecured part of a typical U.S. airport.
MojoKid writes "At present, the government's ability to share data on its citizens is fairly restricted, insomuch as the various agencies must demonstrate cause and need. This has created a somewhat byzantine network of guidelines and laws that must be followed — a morass of red tape that CISPA is intended to cut through. One of the bill's key passages is a provision that gives private companies the right to share cybersecurity data with each other and with the government 'notwithstanding any other provision of law.' The problem with this sort of blank check clause is that, even if the people who write the law have only good intentions, it provides substantial legal cover to others who might not. Further, the core problem with most of the proposed amendments to the bill thus far isn't that they don't provide necessary protections, it's that they seek to bind the length of time the government can keep the data it gathers, or the sorts of people it can't collect data on, rather than protecting citizens as a whole. One proposed amendment, for example, would make it illegal to monitor protesters — but not other groups. It's not hard to see how those seeking to abuse the law could find a workaround — a 'protester' is just a quick arrest away from being considered a 'possible criminal risk.'"
benfrog writes "A German court has ruled that clients, not banks, are responsible for losses in phishing scams. The German Federal Court of Justice (the country's highest civil court) ruled in the case of a German retiree who lost €5,000 ($6,608) in a bank transfer fraudulently sent to Greece. According to The Local, a German news site, the man entered 10 transaction codes into a site designed to look like his bank's web site and his bank is not liable as it specifically warned against such phishing attacks."
First time accepted submitter casac8 writes "As Friday's House vote on CISPA nears, it appears Congress members are getting nervous. Literally millions of people around the world have signed petitions voicing their opposition, and it appears Congress has heard their concerns, as House members are considering a number of amendments aimed at limiting the negative impacts the legislation would have on Internet privacy. For instance, one amendment likely to pass would tighten the bill's language to ensure its provisions are only applied in the pursuit of legit crimes and other rare instances, rather than whenever the NSA wants to target Joe Web-user. And another would increase possible liability on the parts of companies who hand personal information over to the government."