An anonymous reader writes: The used smartphone market is thriving, with many people selling their old devices on eBay or craigslist when it's time to upgrade. Unfortunately, it seems most people are really bad at wiping their phone of personal data before passing it on to a stranger. Antivirus company Avast bought 20 used Android phones off eBay, and used some basic data recovery software to reconstruct deleted files. From just those 20 phones, they pulled over 40,000 photographs, including 1,500 family pictures of children and over a thousand more... personal pictures. They also recovered hundreds of emails and text messages, over a thousand Google searches, a completed loan application, and identity information for four of the previous owners. Only one of the phones had security software installed on it, but that phone turned out to provide the most information of all: "Hackers at Avast were able to identify the previous owner, access his Facebook page, plot his previous whereabouts through GPS coordinates, and find the names and numbers of more than a dozen of his closest contacts. What's more, the company discovered a lot about this guy's penchant for kink and a completed copy of a Sexual Harassment course — hopefully a preventative measure."
Jason Koebler writes: The last remaining strains of smallpox are kept in highly protected government laboratories in Russia and at the Centers for Disease Control in Atlanta. And, apparently, in a dusty cardboard box in an old storage room in Maryland. The CDC said today that government workers had found six freeze-dried vials of the Variola virus, which causes smallpox, in a storage room at the National Institutes of Health in Bethesda, Maryland last week. Each test tube had a label on it that said "variola," which was a tip-off, but the agency did genetic testing to confirm that the viruses were, in fact, smallpox.
chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long term effectiveness of its botnet and malware takedowns.
New submitter jbmartin6 writes: The Panopticon may be coming, but perhaps not how we think. Instead of a massive government surveillance program, we might end up subjected to ubiquitous monitoring to save on our insurance premiums. The "internet of things (you can't get away from)" makes this more and more possible. Here a company saved money on its health insurance premiums by distributing Fitbits and an online service to enable reporting fitness gains back to the insurance company. We've already seen the stories on using black boxes to monitor drivers. There is even an insurance company named Panoptic! Heck, why not a premium hike for owners of this or that "aggressiveness gene"? What if in the future we got a quick "+50 cents" tweet for every scoop of ice cream? I suppose the natural stopping point might be the balance between an individual's willingness to be monitored and the desire to reduce insurance premiums.
schwit1 (797399) writes "Over 20 years after being smuggled out of Russia, a trove of KGB documents are being opened up to the public for the first time. The leaked documents include thousands of files and represent what the FBI is said to view as 'the most complete and extensive intelligence ever received from any source.' The documents include KGB information on secret Russian weapons caches, Russian spies, and KGB information on the activities of Pope John Paul II. Known as the Mitrokhin Archive, the files are all available as of today at Churchill College's Archives Centre."
Presto Vivace (882157) links to a critical look in Time Magazine at the creepy side of connected household technology. An excerpt: A modern surveillance state isn't so much being forced on us, as it is sold to us device by device, with the idea that it is for our benefit. ... ... Nest sucks up data on how warm your home is. As Mocana CEO James Isaacs explained to me in early May, a detailed footprint of your comings and goings can be inferred from this information. Nest just bought Dropcam, a company that markets itself as a security tool allowing you to put cameras in your home and view them remotely, but brings with it a raft of disquieting implications about surveillance. Automatic wants you to monitor how far you drive and do things for you like talk to your house when you're on your way home from work and turn on lights when you pull into your garage. Tied into the new SmartThings platform, a Jawbone UP band becomes a tool for remotely monitoring someone else's activity. The SmartThings hubs and sensors themselves put any switch or door in play. Companies like AT&T want to build a digital home that monitors your security and energy use. ... ... Withings Smart Body Analyzer monitors your weight and pulse. Teddy the Guardian is a soft toy for children that spies on their vital signs. Parrot Flower Power looks at the moisture in your home under the guise of helping you grow plants. The Beam Brush checks up on your teeth-brushing technique. Presto Vivace adds, "Enough to make the Stasi blush. What I cannot understand is how politicians fail to understand what a future Kenneth Starr is going to do with data like this."
First time accepted submitter ugen (93902) writes "The son of a Russian lawmaker has been arrested by the U.S. on charges of selling credit card information he stole by hacking into the computers of American retailers. Roman Seleznev, 30, was arrested overseas by the U.S. Secret Service on July 5 and was ordered detained today during a hearing in federal court in Guam, the Justice Department said in a statement."
AHuxley (892839) writes The Sydney Morning Herald is reporting that Australian federal and state police are using a no-warrant cell phone tower metadata access technique called a "tower dump". A "tower dump" provides the identity, activity and location of all cell phones that connect to a cellphone tower (or towers) over time (an hour or two). The metadata from thousands of phones and numbers connected are then sorted. Australian law-enforcement agencies made 330,000 requests for metadata in 2012-13. AHuxley links to some U.S. views on the same kind of massive data grab: The Wall Street Journal says they capture innocent users' data; the Chicago Police Department is being sued for information on its purchases of equipment associated with this kind of slurping; and the EFF asks whether warrant protection for users' data will be extended by voice-comm companies as it has been for ISPs. I wonder what people would think of an occasional "postal zone dump" employing the same kind of dragnet but for communications on paper.
itwbennett (1594911) writes "The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday. The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the SSNs and other sensitive information and were available under the state's public records law." Ten copies were requested under the public records law.
mpicpp writes with a story about researchers who have developed a way to steal passwords using video-capturing devices. Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen — meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.
An anonymous reader writes Jeffrey Baldwin was essentially starved to death by his grandparents. Funds had been raised to build a monument for Jeffrey in Toronto. The monument was designed to feature Jeffrey in a Superman costume, and even though Superman should be public domain, DC Comics has denied the request. "The request to DC had been made by Todd Boyce, an Ottawa father who did not know the Baldwin family. Boyce was so moved by the testimony at the coroner’s inquest into Jeffrey’s death last year that he started an online fundraising campaign for the monument. DC’s senior vice-president of business and legal affairs, Amy Genkins, told Boyce in an email that 'for a variety of legal reasons, we are not able to accede to the request, nor many other incredibly worthy projects that come to our attention.'... For Boyce, it was a huge blow, as he felt the Superman aspect was a crucial part of the bronze monument, which will include a bench. The coroner’s inquest heard from Jeffrey’s father that his son loved to dress up as Superman."
Zothecula writes Imagine showing up at the airport to catch your flight, looking at your plane, and noticing that instead of windows, the cockpit is now a smooth cone of aluminum. It may seem like the worst case of quality control in history, but Airbus argues that this could be the airliner of the future. In a new US patent application, the EU aircraft consortium outlines a new cockpit design that replaces the traditional cockpit with one that uses 3D view screens instead of conventional windows.
angry tapir writes New Zealanders and Australians are often blocked from using cheap streaming services such as Netflix and Hulu and instead at the mercy of local content monopolies for popular shows such as Game of Thrones. However, a New Zealand ISP, Slingshot, has caused a stir by making a previously opt-in service called 'Global Mode' a default for its customers. The new service means that people in NZ don't need to bother with VPNs or setting up proxies if they want to sign up to Netflix — they can just visit the site. The service has also caused a stir in Australia where the high price for digital goods, such as movies from the iTunes store, is a constant source of irritation for consumers.
First time accepted submitter FriendlySolipsist points out a story about Rhode Island Police using a dog to find hidden hard drives. The recent arrival of golden Labrador Thoreau makes Rhode Island the second state in the nation to have a police dog trained to sniff out hard drives, thumb drives and other technological gadgets that could contain child pornography. Thoreau received 22 weeks of training in how to detect devices in exchange for food at the Connecticut State Police Training Academy. Given to the state police by the Connecticut State Police, the dog assisted in its first search warrant in June pinpointing a thumb drive containing child pornography hidden four layers deep in a tin box inside a metal cabinet. That discovery led the police to secure an arrest warrant, Yelle says. “If it has a memory card, he’ll sniff it out,” Detective Adam Houston, Thoreau’s handler, says.
An anonymous reader writes in with the latest news about NSA spying from documents leaked by Edward Snowden. "Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else. Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or 'minimized,' more than 65,000 such references to protect Americans' privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents."
Torrentfreak acquired slides from the Anti-Piracy and Content Protection Summit indicating that Rightscorp wants ISPs to disconnect repeat copyright infringers, and that 140 small ISPs are already doing so. From the article: Christopher Sabec, CEO of Rightscorp, says that they have been in talks with various Internet providers urging them to step up their game. Thus far a total of 140 ISPs are indeed following this disconnection principle. ... By introducing disconnections Rightscorp hopes to claim more settlements to increase the company's revenue stream. They offer participating ISPs a tool to keep track of the number of warnings each customer receives, and the providers are encouraged to reconnect the subscribers if the outstanding bills have been paid. ... Cutting off repeat infringers is also in the best interests of ISPs according to Rightscorp, who note that it is a requirement for all providers if they are to maintain their DMCA safe harbor. The presentation slides seem to indicate that Rightscorp is planning to go after the safe harbor protections that ISPs are given under the DMCA in order to force the issue.
An anonymous reader writes What happens when the Chinese government drastically restricts the type of speech that can be used in their country's most popular public forum? Users start migrating to more private options, naturally. Microblogging service Sina Weibo is bleeding users, while the semiprivate WeChat is growing expansively. It's growing so quickly that the government is stepping up its efforts to monitor and delete conversations that don't meet its exacting standards. The site's posting rules have developed in an interesting way, given the lack of free speech: "WeChat allows the creation of public accounts that anyone can follow, but limits posts to one a day. In addition, access to public accounts is not possible on cellphones, making it more difficult, for instance, to launch an incriminating photo of a public official into the blogosphere. Comments are also deleted after a few days, making long-term discussions challenging and erasing a historical record." Is this the natural result of government meddling in online conversations? What will chat services in China (and other speech-stifling nations) look like in another five or ten years?
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK's GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
An anonymous reader writes Only days after receiving harsh criticism from all corners of the internet for taking down links to news articles, Google has started to reinstate those links. Google's Peter Barron denied that they were simply granting all "right to be forgotten" requests. "The European Court of Justice [ECJ] ruling was not something that we welcomed, that we wanted — but it is now the law in Europe and we are obliged to comply with that law," he said. Still, Google's actions are being called "tactical" for how quickly they were able to stir public dissent over the EU ruling. "It's convenient, then, that it's found a way to get the media to kick up the fuss for it: there are very few news organisations in the world who are happy to hear their output is being stifled. A few automated messages later, the story is back in the headlines – and Google is likely to be happy about that."
New submitter Plumpaquatsch writes: Deutsche Welle reports: "A member of Germany's foreign intelligence agency has been detained for possibly spying for the U.S. The 31-year-old is suspected of giving a U.S. spy agency information about a parliamentary inquiry of NSA activities. During questioning, the suspect reportedly told investigators that he had gathered information on an investigative committee from Germany's lower house of parliament, the Bundestag. The panel is conducting an inquiry into NSA surveillance on German officials and citizens; yesterday an ex-staffer told it the NSA was a 'totalitarian' mass collector of data."
Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."
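The leak described above is visible on the air as directed probe requests: 802.11 management frames (type 0, subtype 4) whose SSID information element names a network the device has joined before, sent while the device is asleep and scanning for known networks. The parser below is an added example, not code from the EFF post or from any platform vendor; it builds a few constructed frames with the SSID strings quoted above, strips an optional radiotap header of the kind a monitor-mode capture prepends, and lists which SSIDs each station discloses. Frame layout and tag numbers follow the IEEE 802.11 management-frame format; the MAC address and SSIDs are made up for the test input.

```python
"""Extract SSIDs leaked through directed 802.11 probe requests (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

MGMT_TYPE = 0          # frame-control type field: management frame
PROBE_REQ_SUBTYPE = 4  # management subtype: probe request
TAG_SSID = 0           # information-element ID for the SSID
MAC_HEADER_LEN = 24    # FC(2) + duration(2) + addr1/2/3(18) + seq ctl(2)


@dataclass
class ProbeRequest:
    source: str           # transmitter MAC (addr2)
    ssid: Optional[str]   # None for a wildcard probe, the network name for a directed one


def build_probe_request(source_mac: bytes, ssid: bytes) -> bytes:
    """Constructed test input: a minimal probe request with an SSID IE and a rates IE."""
    fc = bytes([(PROBE_REQ_SUBTYPE << 4) | (MGMT_TYPE << 2), 0x00])
    header = (fc + b"\x00\x00"            # duration
              + b"\xff" * 6               # addr1: broadcast destination
              + source_mac                # addr2: station sending the probe
              + b"\xff" * 6               # addr3: wildcard BSSID
              + b"\x00\x00")              # sequence control
    ssid_ie = bytes([TAG_SSID, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates 1/2/5.5/11 Mbps
    return header + ssid_ie + rates_ie


def strip_radiotap(buf: bytes) -> bytes:
    """Drop a radiotap header (version 0, 16-bit little-endian length at offset 2)."""
    if len(buf) >= 4 and buf[0] == 0:
        rt_len = int.from_bytes(buf[2:4], "little")
        if 4 <= rt_len <= len(buf):
            return buf[rt_len:]
    return buf


def parse_probe_request(frame: bytes) -> Optional[ProbeRequest]:
    """Return the station and probed SSID, or None for non-probe or truncated frames."""
    if len(frame) < MAC_HEADER_LEN:
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != MGMT_TYPE or subtype != PROBE_REQ_SUBTYPE:
        return None
    source = ":".join(f"{b:02x}" for b in frame[10:16])
    body = frame[MAC_HEADER_LEN:]
    ssid: Optional[str] = None
    i = 0
    while i + 2 <= len(body):                 # walk the tagged parameters
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:               # truncated IE: stop rather than misparse
            break
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", "replace") if length else None
            break
        i += 2 + length
    return ProbeRequest(source, ssid)


def leaked_ssids(frames: List[bytes]) -> Dict[str, List[str]]:
    """Map each station to the distinct network names it revealed via directed probes."""
    found: Dict[str, List[str]] = {}
    for raw in frames:
        probe = parse_probe_request(strip_radiotap(raw))
        if probe and probe.ssid:
            names = found.setdefault(probe.source, [])
            if probe.ssid not in names:
                names.append(probe.ssid)
    return found


if __name__ == "__main__":
    station = bytes.fromhex("02aabbccddee")   # constructed, locally administered MAC
    captured = [
        build_probe_request(station, b""),                      # wildcard probe: nothing leaked
        build_probe_request(station, b"Tom's Wi-Fi"),
        b"\x00\x00\x08\x00" + b"\x00" * 4 + build_probe_request(station, b"Tehran Airport wifi"),
    ]
    for mac, names in leaked_ssids(captured).items():
        print(mac, "->", names)
```

Fed real frames from a monitor-mode capture, the same loop shows which devices nearby are still announcing their home, office and travel networks; a device whose wildcard probes are the only ones seen is not leaking this history.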
An anonymous reader writes in with this article from the BBC about Google's recent removal of a news story from search results. "Google's decision to remove a BBC article from some of its search results was "not a good judgement", a European Commission spokesman has said. A link to an article by Robert Peston was taken down under the European court's "right to be forgotten" ruling. But Ryan Heath, spokesman for the European Commission's vice-president, said he could not see a "reasonable public interest" for the action. He said the ruling should not allow people to "Photoshop their lives". The BBC understands that Google is sifting through more than 250,000 web links people wanted removed."
mask.of.sanity writes Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
v3rgEz (125380) writes A month before Comcast's announcement of a $45B takeover of rival Time-Warner, Comcast's top lobbyist invited the US government's top antitrust regulators to share the company's VIP box at the Sochi Olympics. A Freedom of Information Act request from Muckrock reveals that the regulators reluctantly declined, saying "it sounds like so much fun" but the pesky "rules folks" would frown on it, instead suggesting a more private dinner later.
realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."
New submitter DaveSmith1982 writes with word from PV Tech that A property tax exemption for solar power systems in California has been extended to 2025, following the passing of a bill as part of the annual state budget. Senate Bill 871 (SB871) was approved during the signing of the budget by governor Jerry Brown, which took place last week. The wording of SB871 extends the period during which property taxes will not be applied to "active solar energy systems," which includes PV and solar water heaters.
New submitter marxmarv writes If you search the web for communications security information, or read online tech publications like Linux Journal or BoingBoing, you might be a terrorist. The German publication Das Erste disclosed a crumb of alleged XKeyScore configuration, with the vague suggestion of more source code to come, showing that Tor directory servers and their users, and as usual the interested and their neighbor's dogs due to overcapture, were flagged for closer monitoring. Linux Journal, whose domain is part of a listed selector, has a few choice words on their coveted award. Would it be irresponsible not to speculate further?
New submitter thittesd0375 (1111917) writes New rules adopted by the FCC will greatly limit the amount of bandwidth available in the unlicensed U-NII band used to deliver internet to rural areas. The filters required to comply with the new rules would shrink the available frequencies from 125MHz to only 45MHz. Petitions to reconsider this ruling can be submitted here and previous petitions can be found here.
An anonymous reader writes with this excerpt from TechDirt: Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated § 12 of the Austrian penal code, which effectively says: "Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action." In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.
tobiasly (524456) writes I run a few websites which are occasionally the target of bogus DMCA takedown requests. Even a cursory look at these requests would reveal that the content these requests try to have removed are not even eligible for copyright (for example, someone named "John Smith" decides he wants to have every instance of his name removed from the internet, so he claims he has a copyright on "John Smith", and the comment section of my website has that name somewhere.) I'm guessing most webmasters of sites with significant traffic face this problem, but I'm having difficulty finding information on domain registrars' and hosting providers' DMCA response policies. Most seem to over-react and require an official counter-response. I'm worried I'll miss one of these someday and find that my entire domain was suspended as a result. Both my domain registrar and hosting provider have forwarded these notices in the past. I'm also worried that they're forwarding my response (including personal details) to the original complainant. Which domain registrars and hosting providers have you found who handle these complaints in a reasonable manner, and filter out the ones that are obviously bogus? Which ones have a clearly stated policy regarding these requests, and respect the site owner's privacy? Some of these domains are .us TLD, which unfortunately will limit my choice to U.S.-based companies.
AthanasiusKircher (1333179) writes The story is classic: Boy meets Girl. Boy likes Girl. Boy goes on the internet and writes about his fantasies that involve killing and eating Girl. Boy goes to jail. In this case, the man in question, NYC police officer Gilberto Valle, didn't act on his fantasies — he just shared them in a like-minded internet forum. Yesterday, Valle was released from jail after a judge overturned his conviction on appeal. U.S. District Judge Paul Gardephe wrote that Valle was "guilty of nothing more than very unconventional thoughts... We don't put people in jail for their thoughts. We are not the thought police and the court system is not the deputy of the thought police." The judge concluded that there was insufficient evidence, since "this is a conspiracy that existed solely in cyberspace" and "no reasonable juror could have found that Valle actually intended to kidnap a woman... the point of the chats was mutual fantasizing about committing acts of sexual violence on certain women." (A New York magazine article covered the details of the case and the implications of the original conviction earlier this year.)
rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs' system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."
Graculus (3653645) writes Budgetmakers in the U.S. Senate have moved to halt U.S. participation in ITER, the huge international fusion experiment now under construction in Cadarache, France, that aims to demonstrate that nuclear fusion could be a viable source of energy. Although the details are not available, Senate sources confirm a report by Physics Today that the Senate's version of the budget for the Department of Energy (DOE) for fiscal year 2015, which begins 1 October, would provide just $75 million for the United States' part of the project. That would be half of what the White House had requested and just enough to wind down U.S. involvement in ITER. According to this story from April, the U.S. share of the ITER budget has jumped to "$3.9 billion — roughly four times as much as originally estimated." (That's a pretty big chunk; compare it, say, to NASA's entire annual budget.)
wiredmikey writes Researchers with RSA have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion. A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account — whether a company or an individual — can issue a Boleto associated with their bank. "The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to the report (PDF). "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts."
An anonymous reader writes There's an independent agency within the U.S. government called the Privacy and Civil Liberties Oversight Board. Their job is to weigh the benefits of government actions — like stopping terrorist threats — against violations of citizens' rights that may result from those actions. As you might expect, the NSA scandal landed squarely in their laps, and they've compiled a report evaluating the surveillance methods. As the cynical among you might also expect, the Oversight Board gave the NSA a pass, saying that while their methods were "close to the line of constitutional reasonableness," they were used for good reason. In the completely non-binding 191-page report (PDF), they said, "With regard to the NSA's acquisition of 'about' communications [metadata], the Board concludes that the practice is largely an inevitable byproduct of the government's efforts to comprehensively acquire communications that are sent to or from its targets. Because of the manner in which the NSA conducts upstream collection, and the limits of its current technology, the NSA cannot completely eliminate 'about' communications from its collection without also eliminating a significant portion of the 'to/from' communications that it seeks."
the simurgh writes: As many who follow the Kim Dotcom saga know, New Zealand police seized his encrypted computer drives in 2012, copies of which were illegally passed to the FBI. Fast-forward to 2014: Dotcom wants access to the seized but encrypted content. A New Zealand judge has now ruled that even if the Megaupload founder supplies the passwords, the encryption keys cannot be forwarded to the FBI.
vortex2.71 (802986) writes Amazon is suing a former employee of its cloud services division after he took a similar position at Google. The interesting aspect of the lawsuit is that Google is choosing to vigorously defend the lawsuit, so this is a case of Goliath vs. Goliath rather than David vs. Goliath. According to court documents, Zoltan Szabadi left a business-development position at Amazon Web Services for Google's Cloud Platform division. Szabadi's lawyer responded by contending that, while Szabadi did sign a non-compete agreement, he would only use his general knowledge and skills at Google and would not use any confidential information he had access to at Amazon. He also believes Amazon's confidentiality and non-compete agreements are an unlawful business practice.
mrspoonsi (2955715) writes with this excerpt from the BBC: ISPs from the U.S., UK, Netherlands, and South Korea have joined forces with campaigners Privacy International to take GCHQ to task over alleged attacks on network infrastructure. It is the first time that GCHQ has faced such action. The ISPs claim that alleged network attacks, outlined in a series of articles in Der Spiegel and the Intercept, were illegal and "undermine the goodwill the organizations rely on." The complaint (PDF).
MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (GnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.
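The forward-secrecy property mentioned above is easier to see in code than in prose. The following added example (not Microsoft's code or anything from the article) contrasts two Diffie-Hellman designs over a constructed toy group: in the first the server reuses its long-term key for every session, so a later leak of that key lets an eavesdropper decrypt recorded traffic; in the second the long-term key only authenticates one-time session keys, so the same leak recovers nothing.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (Mersenne prime 2^127-1, generator 2) so the arithmetic
# stays readable; real deployments use a standardized group or X25519.
P = 2**127 - 1
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Hash the DH shared value into a 32-byte session key."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()

def stream_xor(key, data):
    """Toy stream cipher: XOR with SHA-256(key || block counter). Same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def static_dh_session(server_lt_priv, plaintext):
    """No PFS: the server's long-term secret IS its DH exponent. Returns what an
    eavesdropper can record: the client's public value and the ciphertext."""
    server_pub = pow(G, server_lt_priv, P)
    c_priv, c_pub = dh_keypair()
    return c_pub, stream_xor(session_key(c_priv, server_pub), plaintext)

def ephemeral_dh_session(server_lt_priv, plaintext):
    """PFS: both sides use one-time DH keys; the long-term secret only
    authenticates the server's ephemeral public value (HMAC stands in for a
    signature here). The ephemeral exponents are discarded after the handshake."""
    s_priv, s_pub = dh_keypair()
    c_priv, c_pub = dh_keypair()
    tag = hmac.new(server_lt_priv.to_bytes(16, "big"),
                   s_pub.to_bytes(16, "big"), "sha256").digest()
    key = session_key(c_priv, s_pub)
    assert key == session_key(s_priv, c_pub)   # both sides agree on the key
    del s_priv, c_priv                          # nothing secret survives the session
    return s_pub, tag, c_pub, stream_xor(key, plaintext)

def attacker_with_leaked_key(server_lt_priv, recorded_pub, ciphertext):
    """Attacker who later obtains the server's long-term secret replays the DH
    computation against the recorded transcript."""
    return stream_xor(session_key(server_lt_priv, recorded_pub), ciphertext)
```

With the leaked long-term secret the attacker can still forge the HMAC tag on future handshakes, which is why key compromise must still be remediated; forward secrecy only protects traffic that was recorded before the leak.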
jones_supa writes: Russia's legislature, often accused of metaphorically turning back the clock, has decided to do it literally – abandoning the policy of keeping the country on daylight-saving time all year. The 2011 move to impose permanent "summer time" was one of the most memorable and least popular initiatives of Dmitry Medvedev's presidency. It forced tens of millions to travel to their jobs in pitch darkness during the winter. In the depths of December, the sun doesn't clear the horizon in Moscow until 10am. The State Duma, the lower house of parliament, voted 442-1 on Tuesday to return to standard time this autumn and stay there all year. The article also discusses a ban on swearing in books, plays, and films that went into effect today in Russia.
An anonymous reader writes: If you're involved in the free and open-source software movement — especially in the United States — you may want to read through this, as long as it may seem. It appears that the United States' Internal Revenue Service has strongly shifted its views of free and open-source software, and to the detriment of the movement, in my opinion. From the article: "The IRS reasons that since Yorba’s open source software may be used for any purpose, Yorba is not a charity. Consider all the for-profit and non-charitable ways the Apache server is used; I’d still argue Apache is a charitable organization. (What else could it be?) There’s a charitable organization here in San Francisco that plants trees throughout the city for the benefit of all. If one of their tree’s shade falls on a cafe table and cools the cafe’s patrons as they enjoy their espressos, does that mean the tree-planting organization is no longer a charity?"
McGruber (1417641) writes: "In June 2013, Atlanta police arrested costumed street performer 'Baton Bob' during the middle of a street performance after Baton Bob was allegedly involved in a verbal altercation with mall security guards. Now, a year later, Baton Bob has filed a federal lawsuit accusing Atlanta police of violating his constitutional rights, assault, discrimination, privacy violations and identity theft. Atlanta Police allegedly forced Baton Bob to make a pro-police statement on his Facebook page before officers would allow Bob to be released on bond. According to the lawsuit: 'At approximately 3:40 p.m., while Plaintiff sat handcuffed and without an attorney, he was told to dictate a public statement to Officer Davis, who then typed and posted the message to the Baton Bob Facebook account. The message read: "First of all, the atl police officer that responded to the incident thru security has been very respectful and gracious to me even in handcuffs. So, the situation escalated from a complaint from a security officer in the area and for some reason she rolled up on me like she didn't know who I was and like I had not been there before. For them to call police to come to intervene was not necessary. So, out of it, because of my fury, the Atlanta police officer did not understand the elements of the situation, so he was trying to do his job, respectfully and arrested my ass!!!!!!!!! I'll be out tomorrow so look out for my show at 14th and Peachtree. So now I'm waiting to be transported so I can sign my own bond and get the hell out of here. I want to verify, that the Atlanta police was respectful to me considering the circumstances. See you when I see you!!!!!!!!!!!!!!" As promised, Plaintiff was then given a signature bond and released from jail.'"
An anonymous reader writes: In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs), and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
mrspoonsi (2955715) writes: A court permitted the NSA to collect information about governments in 193 countries and foreign institutions like the World Bank, according to a secret document the Washington Post published Monday. The certification issued by a Foreign Intelligence Surveillance Court in 2010 shows the NSA has the authority to "intercept through U.S. companies not just the communications of its overseas targets, but any communications about its targets as well," according to the Post's report. Only four countries in the world — Britain, Canada, Australia and New Zealand — were exempt from the agreement, due to existing no-spying agreements that the Post highlights in this document about the group of countries, known as "Five Eyes" with the U.S.
An anonymous reader writes: For some reason that escapes me, a judge has granted Microsoft permission to hijack No-IP's DNS. This is necessary, according to Microsoft, to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software. No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."
An anonymous reader writes "The U.S. Supreme Court declined to throw out a class-action lawsuit against Google for sniffing Wi-Fi networks with its Street View cars. The justices left intact a federal appeals court ruling that the U.S. Wiretap Act protects the privacy of information on unencrypted in-home Wi-Fi networks. Several class-action lawsuits were filed against Google shortly after the company acknowledged that its Street View cars were accessing email, web history and other data on unencrypted Wi-Fi networks. A Google spokesman said the company was disappointed that the Supreme Court had declined to hear the case."
An anonymous reader writes: The Obama Administration is set to appoint Phil Johnson, a pharmaceutical industry executive, as the next Director of the United States Patent and Trademark Office, according to sources. The move is likely to anger patent reform advocates given Johnson's past efforts to block legislation aimed at reining in patent trolls, and in light of his positions that appear to contradict the White House's professed goal of fixing the patent system. The top job at the Patent Office has been vacant for around 18 months since the departure of previous director David Kappos in early 2013. Currently, the office is being managed by former Googler Michelle Lee, who was appointed deputy director in December. Earlier this month, Republican Senators led by Orrin Hatch (R-UT) sent a letter to President Obama that praised Lee but that also described the current USPTO management structure as "unfair, untenable and unacceptable for our country's intellectual property agency."
McGruber writes: Atlanta Mayor Kasim Reed and New Orleans Mayor Mitch Landrieu agree: there will be a 15-round fight between Uber and the taxicab industry that currently enjoys regulatory capture, but after a long fight, Uber will win. Landrieu says: "It actually is going to be a 15-round fight. And it's going to take time to work out, hopefully sooner rather than later. But that debate will be held.....But it is a forceful fight, and our city council is full of people on Uber's side, people on the cabs' side, and it's a battle." Mayor Reed of Atlanta also expressed how politically powerful the taxi cartels can be: "I tell you, Uber's worth more than Sony, but cab drivers can take you out. So you've got to [weigh that]. Get in a cab and they say, 'Well that mayor, he is sorry.' You come to visit Atlanta, they say, 'Well that Mayor Reed is as sorry as the day is long. Let me tell you how sorry he is while I drive you to your hotel. And I want you to know that crime is up.' This guy might knock you out. I want you to know it can get really real. It's not as easy as it looks."
theodp (442580) writes "The Internet's Own Boy, the documentary about the life and death of Aaron Swartz, was appropriately released on the net as well as in theaters this weekend, and is getting good reviews from critics and audiences. Which is kind of remarkable, since the Achilles' heel of this documentary, as critic Matt Pais notes in his review, is that "everyone on the other side of this story, from the government officials who advocated for Swartz's prosecution to Swartz's former Reddit colleagues to folks at MIT, declined participation in the film." Still, writer/director Brian Knappenberger manages to deliver a compelling story, combining interesting footage with interviews from Swartz's parents, brothers, girlfriends, and others from his Internet projects/activism who go through the stages of joy, grief, anger, and hope that one sees from loved ones at a wake. "This remains an important David vs. Goliath story," concludes Pais, "of a remarkable brain years ahead of his age with the courage and will to fight Congress-and a system built to impede, rather than encourage, progress and common sense. The Internet's Own Boy will upset you. As it should." And Quinn Norton, who inadvertently gave the film its title ("He was the Internet's own boy," Quinn said after Swartz's death, "and the old world killed him."), offers some words of advice for documentary viewers: "Your ass will be in a seat watching a movie. When it is done, get up, and do something.""
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phones offers fine-grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first startup, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.