Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."
itwbennett writes "The federal judge presiding over the U.S. electronic books case against Apple has barred the company from striking deals that would ensure that it could undercut prices of other retailers in the e-book market and also prohibited Apple from letting any one publisher know what deals the company is striking up with other publishers. For its part, Apple said it plans to appeal the ruling (PDF), denying that it conspired to fix ebook pricing. Meanwhile, Amazon is alerting customers of their potential payout, which could be as much as $3.82 for every eligible Kindle book."
Rob @CmdrTaco Malda writes "I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."
wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do.'"
coolnumbr12 writes "The U.S. government has had enough of the Syrian Electronic Army's hacks of Western media and government outlets. A week after the SEA shut down the New York Times, the FBI Cyber Division unit has officially added the pro-Assad hacker collective to its wanted list. The FBI issued an advisory that included information about the SEA, its capabilities, and some of its more heinous attacks. The advisory also warns networks to be on the lookout for attacks, and that anyone found to be aiding the SEA will be seen as terrorists actively aiding attacks against U.S. websites."
coondoggie writes "What might have started out as a whimsical protest against government surveillance tactics has morphed into more, as a small town in Colorado has found itself overwhelmed with requests and cash for an unmanned aircraft hunting license that doesn't exist."
Trailrunner7 writes "In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government's secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the Foreign Intelligence Surveillance Court. The decision by the Justice Department to release the documents is the second legal victory in recent weeks for the EFF related to the National Security Agency's intelligence collection programs. In August, the group won the release of a 2011 FISC opinion that revealed that the court ruled that some of the NSA's collection programs were illegal and unconstitutional. The newest decision will result in the release of hundreds of pages of documents related to the way the government has been interpreting Section 215, which is the measure upon which some of the NSA's surveillance programs are based. In a status report released Wednesday regarding the EFF's suit against the Department of Justice, attorneys for the government said that they will release the documents by Sept. 10."
An anonymous reader writes "The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.
rjnagle writes "I'm concerned about the implications of storing personal data on Gmail, Facebook, and other social media sites. I'm less worried about individual data than the accumulating mass of data which could potentially be used against me (for targeted marketing, credit reporting and who knows what else?). One solution I'm considering is just to abandon individual accounts and start clean and new Gmail/Facebook accounts. So while Google/Doubleclick might possess lots of data about me from 2001-2012, from this point on they only have a clean slate. Would this kind of solution address my privacy concerns? (Assuming I remove cookies, change IP address before doing so, etc.) Or is an individual's profile by now so unique that simply creating a new Gmail or Facebook account would fail to prevent these data collection agencies from figuring out who I am? Insights and tips are appreciated."
cold fjord writes with this excerpt from The Hill: "The National Rifle Association joined the American Civil Liberties Union's lawsuit on Wednesday to end the government's massive phone record collection program. In a brief filed in federal court, the NRA argues that the National Security Agency's database of phone records amounts to a 'national gun registry.' 'It would be absurd to think that the Congress would adopt and maintain a web of statutes intended to protect against the creation of a national gun registry, while simultaneously authorizing the FBI and the NSA to gather records that could effectively create just such a registry,' the group writes. ... In its filing, the gun-rights group claims that the NSA's database would allow the government to identify and track gun owners based on whether they've called gun stores, shooting ranges or the NRA. 'Under the government's reading of Section 215, the government could simply demand the periodic submission of all firearms dealers' transaction records, then centralize them in a database indexed by the buyers' names for later searching,' the NRA writes."
An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."
hypnosec writes "A cyber defense and IT security company has claimed that the reason behind the recent surge in the number of clients connecting to Tor is in fact a relatively unknown botnet, and not the NSA or genuine adoption of Tor. In late August there was a huge increase in Tor network traffic and in the number of clients connecting to the Tor network. As of this writing the number of connections has quadrupled, with over 2,500,000 clients connecting to the network. According to Fox-IT, the surge in traffic is because of a botnet dubbed 'Mevade.A,' which is known to have Tor connectivity features. The company noted that the botnet may have links to a previously detected botnet dubbed 'Sefnit,' which also featured Tor connectivity. Fox-IT claimed that they have found 'references that the malware is internally known as SBC to its operators.'"
An anonymous reader writes "GamePolitics reports that the Postal Regulatory Commission has ordered [PDF] the U.S. Postal Service to equalize the rates paid by mailers who send round-trip DVDs, concluding (sort of) a dispute that has been underway for more than four years. The new postage rates take effect on September 30th. Some mailers, prominently Netflix, send their round-trip movie DVDs as 'letters,' but GameFly's gaming disks are sent in slightly bigger envelopes as 'flats' to avoid breakage, and so GameFly has paid a much higher postage rate. GameFly argued that this was unfair discriminatory treatment because USPS was providing special hand-sorting treatment for Netflix disks without charging Netflix for the extra handling. But now there's a new twist: the Postal Service wants to reclassify DVD mailing [PDF] as a competitive product, where the prices would not be limited by the rate of inflation, because it says that mailed DVDs compete with the internet, streaming services, and kiosks such as Redbox. The regulatory agency is accepting responses [PDF] from interested persons until September 11th to the Postal Service's latest comments on its request [PDF]."
Dan B. writes "After Australia's Conservative party (LNP) quietly posted a policy [PDF] to impose mandatory internet filtering just one day prior to the country's election, local premier internet forum Whirlpool has gone into overdrive with the fastest 50-page thread ever. At 8:30pm, both sides of politics were busy running media releases, with the Conservatives hastily back-pedalling on the policy, and the Government attacking it, accusing them of hypocrisy after voting down the Government's own proposed filter 3 years prior, stating there was no proof filtering works."
recoiledsnake writes "A federal jury in Seattle ordered Google to pay Microsoft $14.5 million in damages for breach of contract for failing to license at reasonable terms standard essential patents covering wireless and video technology used in the Xbox game console. Motorola had demanded Microsoft pay annual royalties of up to $4 billion for use of patents that are part of the H.264 video and 802.11 wireless standards, which are baked into Windows and the Xbox video game console. Microsoft said it was willing to pay royalties but not at the 2.25 percent of the product price that Motorola sought. We previously covered Motorola's exorbitant demands."
rysiek writes "Remember MailPile, the privacy-focused, community-funded FOSS webmail project with built-in GPG support? The good news is, the funding campaign is a success, with $135k raised (the goal was $100k). The bad news is: PayPal froze MailPile's account, along with the $45k that was in it, and will not un-freeze it until the MailPile team provides 'an itemized budget and your development goal dates for your project.' One of the team members also noted: 'Communications with PayPal have implied that they would use any excuse available to them to delay delivering as much of our cash as possible for as long as possible.' PayPal doesn't have a great track record as far as fund freezing is concerned — maybe it's high time to stop using PayPal?"
mattydread23 writes "Data broker Acxiom did something a little unusual this week. It launched a service that lets you see the data they've collected on you. CITEworld writer Ron Miller checked it out, and found it to be mostly laughably inaccurate. Among the things they got wrong were his religion, his interests, and the number of kids he has. But worst? It pegged him as a Windows user."
netbuzz writes "Ruling that a judge erred in blocking two computer security experts from testifying that an incriminating Google Maps search record found on the defendant's laptop was planted there, a North Carolina appeals court has ordered a new trial for ex-Cisco employee Bradley Cooper, convicted two years ago in the 2008 strangulation death of his wife Nancy. 'The sole physical evidence linking Defendant to Ms. Cooper's murder was the alleged Google Map search, conducted on Defendant's laptop, of the exact area where Ms. Cooper's body was discovered,' wrote the appeals court. 'We hold ... that erroneously preventing Defendant from presenting expert testimony, challenging arguably the strongest piece of the State's evidence, constituted reversible error and requires a new trial.'"
Anita Hunt (lissnup) writes "Hot on the heels of Dave Cameron's demands to make such content universally 'opt-in,' the Independent reports 'Westminster computers were prevented from accessing sex sites 114,844 times last November alone and on 55,552 in April, while February saw just 15 and in June officials blocked 397 attempts.' No explanation has been offered for the variation, although it would be interesting to know if the fall in the number of recorded/reported attempts coincides with the date the FOI request was filed."
cervesaebraciator writes "Slashdot has reported before about the copyright nightmare of Dr. Martin Luther King Jr.'s 'I Have a Dream' speech. Now, questions of intellectual property and the legacy of Dr. King have caused his children to go to court. The estate, run by King's sons, claims the rights to the intellectual property and memorabilia of Dr. King as assets. Accordingly, it has filed suit against the non-profit Martin Luther King Jr. Center for Nonviolent Change, run by King's daughter, for plans to continue using King memorabilia once a royalty-free licensing agreement expires (which the estate says will be in September). As is the case with increasing frequency, one is left to wonder about the implications intellectual property claims have for free speech when they can be applied to so public a figure as Dr. King."