holy_calamity writes "MIT Technology Review reports on a new cryptosystem designed to protect stolen data against attempts to break encryption by brute force guessing of the password or key. Honey Encryption serves up plausible fake data in response to every incorrect guess of the password. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data. Ari Juels, who invented the technique and was previously chief scientist at RSA, is working on software to protect password managers using the technique."
Nerval's Lobster writes "Rovio Entertainment, the software company behind Angry Birds, denies that it knowingly shares data with the NSA, Britain's GCHQ, or any other national intelligence agency. But that didn't stop hackers from briefly defacing the Angry Birds website with an NSA logo and the title 'Spying Birds.' Rovio's troubles began with a New York Times article that suggested the NSA and GCHQ had installed backdoors in popular apps such as Angry Birds, allowing the agencies to siphon up enormous amounts of user data. The Times drew its information from government whistleblower Edward Snowden, who has leaked hundreds of pages of top-secret documents related to NSA activities over the past few months. 'The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries,' Rovio wrote in a statement on its website. 'If advertising networks are indeed targeted, it would appear that no Internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance.' The company pledged to evaluate its relationships with those ad networks. The controversy is unlikely to dampen enthusiasm for the Angry Birds franchise, which has enjoyed hundreds of millions of downloads across a multitude of platforms. It could, however, add momentum to continuing discussions about the NSA's reach into peoples' lives."
Hugh Pickens DOT Com writes "Naoki Hiroshima, creator of Cocoyon and a developer for Echofon, writes at Medium that he had a rare one-letter Twitter username — @N — and had been offered as much as $50,000 for its purchase. 'People have tried to steal it. Password reset instructions are a regular sight in my email inbox,' writes Hiroshima. 'As of today, I no longer control @N. I was extorted into giving it up.' Hiroshima writes that a hacker used social engineering with PayPal to get the last four digits of his credit card number over the phone then used that information to gain control of his GoDaddy account. 'Most websites use email as a method of verification. If your email account is compromised, an attacker can easily reset your password on many other websites. By taking control of my domain name at GoDaddy, my attacker was able to control my email.' Hiroshima received a message from his extortionist. 'Your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again. I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your godaddy, and help securing your data?' Hiroshima writes that it's hard to decide what's more shocking, the fact that PayPal gave the attacker the last four digits of his credit card number over the phone, or that GoDaddy accepted it as verification. Hiroshima has two takeaways from his experience: Avoid custom domains for your login email address and don't let companies such as PayPal and GoDaddy store your credit card information."
George Maschke writes "Last year, the McClatchy newspaper group reported on a federal criminal investigation into individuals offering instruction on how to pass polygraph tests. The ongoing investigation, dubbed 'Operation Lie Busters,' has serious free speech implications, and one of the two men known to have been targeted is presently serving an 8-month prison term. The other, Doug Williams, himself a former police polygrapher, has this week for the first time gone public with the story of federal agents' February 2013 raid on his office and home (video). Williams, who has not been charged with a crime but remains in legal jeopardy, is selling his story in an e-book. Public interest website AntiPolygraph.org (which I co-founded) has published a synopsis."
As the NSA metadata collection scandal has developed, a number of technology and communications companies have fought to increase the transparency of the data collection process by publishing reports on how much data government agencies are asking them for. These transparency reports have been limited, however, because most government requests are entwined with a gag order. In a speech two weeks back, President Obama said this would change, and now the Dept. of Justice has announced new, slightly relaxed rules about what information companies can share. According to an email from the U.S. Deputy Attorney General (PDF) to the General Counsel of Google, Facebook, LinkedIn, Microsoft, and Yahoo, the companies can publish: how many Criminal Process requests they received, how many National Security Letters they received, how many accounts were affected by NSLs, how many Foreign Intelligence Surveillance Act orders were received (both for communications content and 'non-content'), and how many customers were targeted by FISA requests. The companies still aren't allowed to give specific numbers, but they can report them in bands of 1,000 — for example, 0-999, 1,000-1,999, etc. Information requests for old services cannot be disclosed for at least six months. The first information requests for a new service cannot be disclosed for two years. The companies also have the option of lumping all the NSL and FISA requests together — if they do that, they can report in bands of 250 instead of 1,000.
PUBPAT website's About page says, "The Public Patent Foundation at Benjamin N. Cardozo School of Law ('PUBPAT') is a not-for-profit legal services organization whose mission is to protect freedom in the patent system." Today's interviewee, Daniel B. Ravicher, is the group's Executive Director and founder. Eben Moglen is on the Board of Directors, and PUBPAT's goals have been aligned with the FSF since PUBPAT started. The most publicized PUBPAT success so far was, in conjunction with the ACLU, getting patents on naturally-occurring genes overturned. Go, PUBPAT!
DavidGilbert99 writes "Facebook updates its Android app quite a lot, but the latest version asks for some rather odd permissions. Rolling out in the UK this week, some users have noticed that it now wants permission to read your text messages. While most suspected Facebook wanted to access the data to try and serve you more targeted ads, Facebook says it is only so it can facilitate two-factor authentication...apparently."
swinferno writes "The Dutch ISPs Ziggo and XS4all are no longer required to block access to the websites of The Pirate Bay. [Original in Dutch; here's Google's translation.] This has been decided by the court in The Hague. The blockade has proven to be ineffective. The Dutch anti-piracy organization BREIN will have to reimburse legal costs of €326,000. The internet provider XS4ALL has already started lifting the ban. The website of The Pirate Bay was ordered to be blocked by the two major ISPs in January 2012. Recent studies by Amsterdam University and CentERdata showed that this did not reduce the number of downloads from illegal sources. Many people circumvented the blockade."
Trailrunner7 writes "A group of six Congressmen have asked President Barack Obama to remove James Clapper as director of national intelligence as a result of his misstatements to Congress about the NSA's dragnet data-collection programs. The group, led by Rep. Darrell Issa (R-Calif.), said that Clapper's role as DNI 'is incompatible with the goal of restoring trust in our security programs.' Clapper is the former head of the National Geospatial Intelligence Agency and has been DNI since 2010. In their letter to Obama, the group of Congressmen calling for his ouster said that he lied to Congress and should no longer be in office. 'The continued role of James Clapper as Director of National Intelligence is incompatible with the goal of restoring trust in our security programs and ensuring the highest level of transparency. Director Clapper continues to hold his position despite lying to Congress, under oath, about the existence of bulk data collection programs in March 2013. Asking Director Clapper, and other federal intelligence officials who misrepresented programs to Congress and the courts, to report to you on needed reforms and the future role of government surveillance is not a credible solution,' the letter from Issa, Ted Poe, Paul Broun, Doug Collins, Walter Jones and Alan Grayson says." "Misstatement," of course, being the favorite euphemism for "lie."
Capt.Albatross writes "At Slate, Chris Kirk presents a map of schools in the USA that both receive public funding and teach creationism. It also shows public schools in those states where they are allowed to teach creationism (without necessarily implying that creationism is taught in all public schools of those states). There is a brief outline of the regulations in those states where this occurs, but the amounts involved are not discussed."
schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"
An anonymous reader writes "Charlie Shrem, the chief executive officer of bitcoin exchange BitInstant, has been arrested and charged with money laundering. 'In the federal criminal complaint, the Southern District of New York charges Shrem, the 24-year-old CEO of BitInstant, with three counts, including one count operating an unlicensed money transmitting business, one count of money laundering conspiracy and one count willful failure to file suspicious activity report. Robert Faiella, a Silk Road user who operated under the name “BTCKing,” was charged with one count of operating an unlicensed money transmitting business and one count money laundering conspiracy.'"
An anonymous reader writes "Tor Mail was an anonymized email service run over Tor. It was operated by a company called Freedom Hosting, which was shut down by the FBI last August. The owner was arrested for 'enabling child porn,' and the Tor Mail servers suddenly began hosting FBI malware that attempted to de-anonymize users. Now, Wired reports on a new court filing which indicates that the FBI was also able to grab Tor Mail's entire email database. 'The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "email@example.com." Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (PDF) sworn out by U.S. Postal Inspector Eric Malecki.'"
Nerval's Lobster writes "U.S. Attorney General Eric Holder made government whistleblower Edward Snowden a very peculiar offer last week: plead guilty, and the U.S. government would consider how to handle his criminal case. That seems an inverted way of doing things—in the United States, the discussions (if not the trial) usually come before the guilty plea—but Holder's statement hints yet again at the conundrum facing the government when it comes to Snowden, a former subcontractor for the National Security Agency (NSA) who leaked secrets about that group's intelligence operations to a number of newspapers, most notably The Guardian. It's unlikely that the U.S. government would ever consider giving full clemency to Snowden, but now it seems that various officials are willing to offer something other than locking him in a deep, dark cell and throwing away the key. If Snowden ever risked coming back to the United States (or if he was forced to return, thanks to the Russians kicking him out and no other country willing to give him asylum), and you were Holder and Obama, what sort of deal would you try to strike with everybody's favorite secrets-leaker?"
Hugh Pickens DOT Com writes "Yale Law School professors Amy Chua, the self-proclaimed 'Tiger Mom,' and her husband Jed Rubenfeld write in the NYT that it may be taboo to say it, but certain ethnic, religious and national-origin groups are doing strikingly better than Americans overall and Chua and Rubenfeld claim to have identified the three factors that account for some groups' upward mobility. 'It turns out that for all their diversity, the strikingly successful groups in America today share three traits that, together, propel success,' write Chua and Rubenfeld. 'The first is a superiority complex — a deep-seated belief in their exceptionality. The second appears to be the opposite — insecurity, a feeling that you or what you've done is not good enough. The third is impulse control.' Ironically, each element of the Triple Package violates a core tenet of contemporary American thinking. For example, that insecurity should be a lever of success is anathema in American culture. Feelings of inadequacy are cause for concern or even therapy and parents deliberately instilling insecurity in their children is almost unthinkable. Yet insecurity runs deep in every one of America's rising groups; and consciously or unconsciously, they tend to instill it in their children. Being an outsider in a society — and America's most successful groups are all outsiders in one way or another — is a source of insecurity in itself. Immigrants worry about whether they can survive in a strange land, often communicating a sense of life's precariousness to their children. Hence the common credo: They can take away your home or business, but never your education, so study harder.
'The United States itself was born a Triple Package nation, with an outsized belief in its own exceptionality, a goading desire to prove itself to aristocratic Europe and a Puritan inheritance of impulse control,' conclude Chua and Rubenfeld adding that prosperity and power had their predictable effect, eroding the insecurity and self-restraint that led to them. 'Thus the trials of recent years — the unwon wars, the financial collapse, the rise of China — have, perversely, had a beneficial effect: the return of insecurity...America has always been at its best when it has had to overcome adversity and prove its mettle on the world stage. For better and worse, it has that opportunity again today.'"
Maow writes "Edward Snowden has been interviewed by a German TV network and stated that the NSA is involved in industrial espionage, which is outside the range of national security. He claims that Siemens is a prime example of a target for the data collection. I doubt this would surprise AirBus or other companies, but it shall remain to be seen what measures global industries take (if any) to prevent their internal secrets from falling into NSA's — and presumably American competitors' — hands." AirBus is a good example of a company that has experienced spying from both sides.
New submitter pefisher writes "The British are apparently admitting that they track their citizens as they travel the world (through information provided by intelligence agencies) and are arresting them if they have been somewhere that frightens them. 'Sir Peter, who leads the Association of Chief Police Officer's "Prevent" strategy on counter-terrorism, told BBC Radio 4's Today programme that those returning from Syria "may well be charged and investigated, but they will be put into our programmes".' The program seems to consist of being spied on by the returnee's cooperative neighbors."
From Ars Technica comes this update in the defamation case filed by climate researcher Michael Mann against political commentator Mark Steyn of National Review magazine, who rhetorically compared Mann to Penn State coach Jerry Sandusky and accused him of publishing intentionally misleading research results. "The defendants tried to get it dismissed under the District of Columbia's Strategic Lawsuit Against Public Participation (SLAPP) statute, which attempts to keep people from being silenced by frivolous lawsuits. The judge hearing the case denied the attempt and then promptly retired; Mann next amended his complaint, leading an appeals court to send the whole thing back to a new trial judge. Now the new judge has denied the SLAPP attempt yet again. In a decision released late last week (and hosted by defendant Mark Steyn), the judge recognizes that the comparison to a child molester is part of the "opinions and rhetorical hyperbole" that are protected speech when used against public figures like Mann. However, the accompanying accusations of fraud are not exempt:"
The L.A. Times reports that a group of students and parents, fed up with what they see as overarching job security in California schools, are suing in the hopes of making it harder for poor teachers to stay on the books. From the article: "The lawsuit, filed by the nonprofit, advocacy group Students Matter, contends that these education laws are a violation of the Constitution's equal protection guarantee because they do not ensure that all students have access to an adequate education. Vergara versus California, filed on behalf of nine students and their families, seeks to revamp a dismissal process that the plaintiffs say is too costly and time consuming, lengthen the time it takes for instructors to gain tenure and dismantle the 'last hired, first fired' policies that fail to consider teacher effectiveness. The lawsuit aims to protect the rights of students, teachers and school districts against a "gross disparity" in educational opportunity, lawyers for the plaintiffs said." Perhaps related.
An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. We discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild.'"
The San Francisco Chronicle reports that "A federal judge overturned a jury's multimillion-dollar damage award to the programmer of the original John Madden Football video game on Wednesday, saying there was no evidence that his work was copied for seven years, without credit, by the marketer of later versions of the hugely successful game. The ruling by U.S. District Judge Charles Breyer of San Francisco spared Electronic Arts Inc. from nearly $4 million in damages, plus interest that could have exceeded $7 million. The jury verdict also could have led to larger damages against the company for later versions of the game, which reaped billions of dollars in revenues, if future juries found that those, too, had been lifted from the work of programmer Robin Antonick." Also at Kotaku.
tsu doh nimh writes "Michaels Stores Inc., which runs more than 1,250 crafts stores across the United States, said Saturday that it is investigating a possible data breach involving customer cardholder information. According to Brian Krebs, the journalist who broke the story [and, previously] news of the Target and Neiman Marcus breaches, the U.S. Secret Service has confirmed it is investigating. Krebs cited multiple sources in the banking industry saying they were tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc. In response to that story, Michaels issued a statement saying it 'recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.' In 2011, Michaels disclosed that attackers had physically tampered with point-of-sale terminals in multiple stores, but so far there are no indications what might be the cause of the latest breach. Both Target and Neiman Marcus have said the culprit was malicious software designed to steal payment card data, and at least in Target's case that's been shown to be malware made to infect retail cash registers."
Bob9113 writes "According to an article on Ars Technica, the Republican National Committee (RNC) has passed a resolution that "encourages Republican lawmakers to immediately take action to halt current unconstitutional surveillance programs and provide a full public accounting of the NSA's data collection programs." The resolution, according to Time, was approved by an overwhelming majority voice vote at the Republican National Committee's Winter Meeting General Session, going on this week in Washington, DC."
wiredmikey writes "Microsoft on Friday said that attackers breached the email accounts of a "select number" of employees, and obtained access to documents associated with law enforcement inquiries. According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts. '...We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,' said Adrienne Hall, General Manager at Microsoft's Trustworthy Computing Group. 'It appears that documents associated with law enforcement inquiries were stolen,' Hall said. Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What's interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a 'hacktivist' attack."
Lasrick writes "Tom Bielefeld, a physicist specializing in nuclear security, writes a detailed article that has some surprising revelations about nuclear security in the U.S. (and elsewhere). Although some security measures have been tightened since 9/11, the US does not require transports of category-1 to be protected by armed guards, and individual states don't have to provide lists of 'safe havens' to the transport company (and they often don't). And at hospitals and other buildings that house radioactive materials and devices, 'security conditions remain hair-raising, even when these facilities have been checked by inspectors.'"
Toe, The writes "The New York Police Department has quietly installed about 200 temporary surveillance cameras in midtown Manhattan to help spot trouble along 'Super Bowl Boulevard,' a 13-block street fair on Broadway that's expected to draw large crowds during the windup to the game. The temporary cameras for the Super Bowl festivities will supplement a system of thousands of permanent cameras covering midtown and Wall Street that the NYPD monitors from a command center in lower Manhattan. The department has pioneered analytical software that allows it to program the cameras to detect suspicious activity, such as a bag or other objects left in one place for a long time. Hazmat and bomb squads will be on standby. Other officers will patrol with bomb-sniffing dogs. Still more will watch from rooftops and from police helicopters. At a recent security briefing at the stadium, police chiefs and other officials said success will be measured in part by how well authorities conceal all the concern over potential threats." Now it's a proven tradition: Superbowl crowds are a good place to test people-watching gear.
schwit1 sends this news from Aviation Week: "A new U.S. Defense Department report warns that ongoing software, maintenance and reliability problems with Lockheed Martin Corp's F-35 stealth fighter could delay the Marine Corps' plans to start using its F-35 jets by mid-2015. It said Lockheed had delivered F-35 jets with 50 percent or less of the software capabilities required by its production contracts with the Pentagon. The computer-based logistics system known as ALIS was fielded with 'serious deficiencies' and remained behind schedule, which affected servicing of existing jets needed for flight testing, the report said. It said the ALIS diagnostic system failed to meet even basic requirements. The F35 program, which began in 2001, is 70 percent over initial cost estimates, and years behind schedule, but top U.S. officials say it is now making progress. They have vowed to safeguard funding for the program to keep it on track. Earlier this week, the nonprofit Center for International Policy said Lockheed had greatly exaggerated its estimate (PDF) that the F-35 program sustained 125,000 U.S. jobs to shore up support for the program."
Hugh Pickens DOT Com writes "David Stout reports at Time Magazine that what began with a Craigslist ad from a lesbian couple calling for a sperm donor in rural Topeka, Kansas ended in court on Wednesday with a judge ordering the sperm donor to pay child support. The Kansas Department for Children and Families filed the case in October 2012 seeking to have William Marotta declared the father of a child born to Jennifer Schreiner in 2009 so he can be held responsible for about $6,000 in public assistance the state provided, as well as future child support. 'In this case, quite simply, the parties failed to perform to statutory requirement of the Kansas Parentage Act in not enlisting a licensed physician at some point in the artificial insemination process, and the parties' self-designation of (Marotta) as a sperm donor is insufficient to relieve (Marotta) of parental right and responsibilities to the child,' wrote Judge Mattivi. Marotta opposed that action, saying he had contacted Schreiner and her partner at the time, Angela Bauer, in response to an ad they placed on Craigslist seeking a sperm donor and signed a contract waiving his parental rights and responsibilities. 'We stand by that contract,' says Defense attorney Swinnen adding that the Kansas statute doesn't specifically require the artificial insemination be carried out by a physician. 'The insinuation is offensive, and we are responding vigorously to that. We stand by our story. There was no personal relationship whatsoever between my client and the mother, or the partner of the mother, or the child. Anything the state insinuates is vilifying my client, and I will address it.'"
theodp writes "Probably not the most fortuitous timing, but the USPTO has granted Google its wish for a patent on Transportation-Aware Physical Advertising Conversions, a system that arranges for free or discounted transportation to an advertiser's business location that will be more or less convenient based upon how profitable a customer is deemed. It's reminiscent of the free personal chauffeured limousine rides long enjoyed by Las Vegas casino 'whales', but at scale and using cars that may not have drivers. A server, Google explains, 'arranges the selected transportation option, for example, by dispatching a vehicle or providing instructions for using public transportation.' So, it seems a Larry or Sergey type might expect to be taken gratis to the Tesla dealership via a private autonomous car or even helicopter, while others may get a discount on a SF Muni bus ride to Safeway. Google also describes how advertisers will be able to use a customer's profile 'to exclude a customer from being considered for an offer based on exclusion criteria identified by a business,' such as age, job title, purchasing history, clothing size, or other 'desirable' characteristics."
An anonymous reader writes "Three out of five PCLOB board members are in agreement: The NSA spy programs are illegal. Unfortunately, these lawyers are not in a position to act or make any changes, only to advise congress and the president. Could this be the start of change to come? 'According to leaked copies of a forthcoming report by the Privacy and Civil Liberties Oversight Board (PCLOB), the government's metadata collection program "lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value." As a result, the board recommends that the government end the program.'" Not surprisingly, the Obama administration disagrees.
jfruh writes "The Supreme Court issued a ruling that might help marginally curb patent madness. Ruling on a case between Medtronic and Mirowski Family Ventures, the court rules that the burden of proof in patent infringement cases is always on the patent holder. This is true even in the specific case at hand, in which Medtronic sought a declaratory judgement that it was not violating the Mirowski patents."
An anonymous reader writes with this excerpt from TorrentFreak: "During a debate on the UK's Intellectual Property Bill, the Prime Minister's Intellectual Property Adviser has again called for a tougher approach to online file-sharing. In addition to recommending 'withdrawing Internet rights from lawbreakers,' Mike Weatherley MP significantly raised the bar by stating that the government must now consider 'some sort of custodial sentence for persistent offenders.' Google also got a bashing – again." The article goes on to say "Weatherley noted that the Bill does not currently match penalties for online infringement with those available to punish infringers in the physical world. The point was detailed by John Leech MP, who called for the maximum penalty for digital infringement to be increased to 10 years’ imprisonment instead of the current two years."
phantomfive writes "'Seven whistleblowers have been prosecuted under the Obama administration,' writes Jesselyn Radack, a lawyer who advised two of them. She explains why they can't get a fair trial. In the Thomas Drake case, the administration retroactively marked documents as classified, saying, 'he knew they should have been classified.' In the Bradley Manning case, the jury wasn't allowed to see what information was leaked. The defendants, all of whom have been charged with espionage, have limited access to court documents. Most of these problems happen because the law was written to deal with traitorous spies, not whistleblowers."
itwbennett writes "The New York City Health Department's Rat Information Portal provides raw data on where the rats are, based on inspections done by the health department, as well as by their rat indexing initiative. The portal isn't a new open data initiative, but if you're a NYC resident and not a big fan of rodents, the site is worth a look. 'The most interesting part of the portal is the interactive heat map of rat inspection data,' says ITworld's Phil Johnson. 'Using this interactive map, you can look up the inspection history, going back to 2009, for any address in the five boroughs. It will tell you the dates and results of any inspections, as well as of any follow up compliance checks. As for raw data, the site provides city-wide rat reports, aggregated to the zip code level, going back to 2006.'"
Gunkerty Jeb writes "After months of public calls from privacy advocates and security experts, Verizon on Wednesday released its first transparency report, revealing that it received more than 164,000 subpoenas and between 1,000 - 2,000 National Security Letters in 2013. The report, which covers Verizon's landline, Internet and wireless services, shows that the company also received 36,000 warrants, most of which requested location or stored content data."
Sockatume writes "Remember the fun of spurious substring matches, AKA the Scunthorpe problem? The UK's advanced 'intelligent' internet filters do. Supposedly the country's great new filtering regime has been blocking a patch for League of Legends because some of the filenames within it include the substring 'sex.' Add one to the list of embarrassing failures for the nation's new mosaic of opt-out censorship systems, which have proven themselves incapable of distinguishing between abusive sites and sites for abuse victims, or sites for pornography versus sites for sexual and gender minorities."
schneidafunk writes "'Dear subscriber, you are registered as a participant in a mass disturbance.' was the message sent to thousands of protesters as a new law prohibiting public demonstrations went into effect." From NYTimes: "... Protesters were concerned that the government seemed to be using cutting-edge technology from the advertising industry to pinpoint people for political profiling. Three cellphone companies in Ukraine ... denied that they had provided the location data to the government or had sent the text messages, the newspaper Ukrainskaya Pravda reported. Kyivstar suggested that it was instead the work of a 'pirate' cellphone tower set up in the area."
An anonymous reader writes "Canadian law professor Michael Geist reports that the Canadian arm of the RIAA is calling for new Internet regulation, including website blocking and search result manipulation. While the Canadian music industry experienced increased digital sales last year (sales declined in the U.S.) and the Ontario government is handing out tens of millions of tax dollars to the industry, the industry now wants the government to step in with website blocking and ordering search companies to change their results to focus on iTunes and other sales sites."
jjp9999 writes "Weibo, China's replacement for Twitter and Facebook, went offline for about two hours on Jan. 20, when a DNS attack switched its IP address to overseas VPN software used to circumvent censorship. On Jan. 21, the brief IP switch was the most discussed topic on Weibo, with one user, ITHome, posting 'What IP is 220.127.116.11? It's sure to go down in history.' The IP address is one of those used by Freegate, which is free software released by Chinese dissidents in the U.S. intended to help Chinese people break through the Great Firewall. However, Bill Xia, president of Dynamic Internet Technology, which makes Freegate, said he and his team of volunteers thought their networks were under attack when they got a surge of traffic with about 100,000 users a second hitting their IP address. Xia said they are still trying to analyze the incident, but he assumes it was a slip-up [on the part of] the Chinese authorities in charge of censoring content. 'Our guess is they messed up again,' he said. 'This doesn't make sense for them, so I assume it was a mistake in their operation.'"
New submitter fynbar writes "Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit (PDF). 'Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP.'"
schwit1 writes "This report explains how Virgin Galactic space tourists could be grounded by federal regulations. From the article: 'Virgin Galactic submitted an application to the FAA's Office of Commercial Space Transportation in late August 2013, says Attenborough. The office, which goes by the acronym AST, has six months to review the application, meaning an approval may come as early as February. Industry experts, however, say that may be an overly optimistic projection. "An application will inevitably be approved, but it definitely remains uncertain exactly when it will happen," says Dirk Gibson, an associate professor of communication at the University of New Mexico and author of multiple books on space tourism. "This is extremely dangerous and unchartered territory. It's space travel. AST has to be very prudent," he says. "They don't want to endanger the space-farers or the public, and they can't let the industry get started and then have a Titanic-like scenario that puts an end to it all in the eyes of the public."'"
enharmonix writes "Although Google initially invested in Intellectual Ventures, a patent holding firm, the two have since parted ways and are about to face off in court over some technologies used in Motorola (and other) phones. This is an important battle and the timing is significant given Congress's recent interest in patent reform. 'Two of the patents in the upcoming Motorola trial cover inventions by Richard Reisman, U.S. government records show. Through his company, Teleshuttle, Reisman has developed several patent portfolios for various technologies, including an online update service, according to the Teleshuttle website. IV claims that the two Reisman patents cover several of Motorola's older-generation cellphones that have Google Play, a platform for Android smartphone apps. Motorola argues that IV's patents should never have been issued because the inventions were known in the field already.'"
cold fjord writes with this excerpt from Computerworld: "[W]hite hat hacker David Kennedy, CEO of TrustedSec, may feel like he's beating his head against a stone wall. Kennedy said, 'I don't understand how we're still discussing whether the website is insecure or not. ... It is insecure — 100 percent.' Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly 'fixed,' he told Congress it was even more vulnerable to hacking and privacy breaches. ... 'Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed ... other security researchers have also identified an additional 20+ exposures on the site.' ... Kennedy said he was able to access 70,000 records within four minutes ... At the House Science and Technology Committee hearing held last week ... elite white hat hackers — Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White – blasted the website's insecurity. ... Mitnick, the 'world's most famous hacker' testified: '... It would be a hacker's wet dream to break into Healthcare.gov ... A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices.'"
Slashdot contributor Bennett Haselton writes: "Internet users in Saudi Arabia, along with most users in the United Arab Emirates, are blocked by their respective government censors from accessing the websites of the Trinity Davison Lutheran Church, Deliverance Tabernacle Ministries in Pittsburgh, the Amitayu Buddhist Society of Taiwan, and GayFaith.org. An attempt to access any of those websites yields an error page like this one. However, the sites are not blocked because they conflict with the religious beliefs of those countries' governments. Rather, they are blocked because Smartfilter -- the American-made blocking program sold by McAfee, and used for state-mandated Internet censorship in those countries -- classifies those sites as "pornography". You can see the screen shots here, here, here and here." Read on for the rest of Bennett's thoughts.
An anonymous reader writes "King.com, owners of Candy Crush, have received a U.S. trademark on the use of the word 'candy' in games and clothing. Forbes thinks it is overly broad. 'One would think Hasbro, the maker of that venerable children's board game (which does have video game versions) Candy Land, would already have this trademark sewed up.'" According to an update on the story, the company also has a EU trademark on the same term, but (however much comfort this is) is enforcing its claims only selectively, as against a game called All Candy Casino Slots – Jewel Craze Connect: Big Blast Mania Land.
An anonymous reader writes "A Google Glass user was interrogated without legal counsel for a couple of hours under suspicion that he may have been recording a film in the AMC movie theater. Although the matter could have been cleared in minutes, federal agents insisted on interrogating the user for hours. So long for our constitutional freedoms." Hours of being detained that could have been avoided if they had just searched his devices (which he repeatedly suggested they do): "Eventually, after a long time somebody came with a laptop and a USB cable at which point he told me it was my last chance to come clean. I repeated for the hundredth time there is nothing to come clean about and this is a big misunderstanding so the FBI guy finally connected my Glass to the computer, downloaded all my personal photos and started going through them one by one (although they are dated and it was obvious there was nothing on my Glass that was from the time period they accused me of recording). Then they went through my phone, and 5 minutes later they concluded I had done nothing wrong." Update: 01/21 21:41 GMT by U L : The Columbus Dispatch confirmed the story with the Department of Homeland Security. The ICE and not the FBI detained the Glass wearer, and there happened to be an MPAA task force at the theater that night, who then escalated the incident.
sandbagger writes "Health Canada scientists are so concerned about losing access to their research library that they're finding workarounds, with one squirreling away journals and books in his basement for colleagues to consult, says a report obtained by CBC News. The report said the number of in-house librarians went from 40 in 2007 to just six in April 2013. 'I look at it as an insidious plan to discourage people from using libraries' said Dr. Rudi Mueller, who left the department in 2012. 'If you want to justify closing a library, you make access difficult and then you say it is hardly used.' This is hardly new for Stephen Harper's Conservative government. Over the Christmas holidays, several scientific libraries were closed and their contents taken to the dump."
judgecorp writes "The group of security experts who urged people to boycott the RSA conference (over allegations that the security firm RSA has taken a $10 million bribe from the NSA to weaken the security of its products) have put together a rival conference called TrustyCon just down the road from San Francisco's Moscone Center, where the EMC-owned firm will have its conference at the end of February."
cold fjord writes "The Hill reports, 'Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) predicted Sunday that lawmakers who favored shutting down the bulk collection of telephone metadata would not be successful in their efforts as Congress weighs potential reforms to the nation's controversial intelligence programs. "I don't believe so," Feinstein said during an appearance on NBC's Meet the Press (video). "The president has very clearly said that he wants to keep the capability. So I think we would agree with him. I know a dominant majority of the — everybody, virtually, except two or three, on the Senate Intelligence Committee would agree with that." ... "A lot of the privacy people, perhaps, don't understand that we still occupy the role of the Great Satan. New bombs are being devised. New terrorists are emerging, new groups, actually, a new level of viciousness," Feinstein said. "We need to be prepared. I think we need to do it in a way that respects people's privacy rights."'"