Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Government

New Zealand Spied On Nearly Two Dozen Pacific Countries 107

Posted by samzenpus
from the keep-your-eyes-on-your-own-paper dept.
An anonymous reader writes New documents from Edward Snowden indicate New Zealand undertook "full take" interception of communications from Pacific nations and forwarded the data to the NSA. The data, collected by New Zealand's Government Communications Security Bureau, was then fed into the NSA's XKeyscore search engine to allow analysts to trawl for intelligence. The New Zealand link helped flesh out the NSA's ambitions to intercept communications globally.
Privacy

Schneier: Either Everyone Is Cyber-secure Or No One Is 124

Posted by Soulskill
from the nobody's-safe-except-the-amish dept.
Presto Vivace sends a new essay from Bruce Schneier called "The Democratization of Cyberattack. Quoting: When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. ... We can't choose a world where the U.S. gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.
Wireless Networking

Flaw In GoPro Update Mechanism Reveals Users' Wi-Fi Passwords 35

Posted by timothy
from the oopsie dept.
An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over a 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, but in order to do so the user has to connect to the camera's Wi-Fi network. Israel-based infosec expert Ilya Chernyakov discovered the flaw when he had to access the network of a friend's camera, but the friend forgot the login credentials.
Privacy

Supreme Court Gives Tacit Approval To Warrantless DNA Collection 130

Posted by timothy
from the welcome-to-gattica dept.
An anonymous reader writes On Monday, the U.S. Supreme Court refused to review a case involving the conviction of a man based solely on the analysis of his "inadvertently shed" DNA. The Electronic Frontier Foundation (EFF) argues that this tacit approval of the government's practice of collecting anyone's DNA anywhere without a warrant will lead to a future in which people's DNA are "entered into and checked against DNA databases and used to conduct pervasive surveillance."
Cellphones

Blackphone 2 Caters To the Enterprise, the Security-Minded and the Paranoid 58

Posted by samzenpus
from the press-p-for-privacy dept.
Mark Wilson writes While much of the news coming out of MWC 2015 has been dominated by Microsoft's Lumia 640, the Samsung Galaxy S6 Edge, and tablets from Sony, there's always room for something a little different. Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up — the Blackphone 2. The privacy-centric company has been working on the "world's first enterprise privacy platform" for some time now and the second generation Blackphone. As you would expect, there's a faster processor than before -- an 8-core beast -- as well as an upgraded 3GB RAM, a larger 5.5 inch screen and a bigger battery than before. Blackphone 2 has a $600 price tag and will be unleashed in July.
Government

Feds Admit Stingray Can Disrupt Bystanders' Communications 194

Posted by samzenpus
from the you're-breaking-up dept.
linuxwrangler writes The government has fought hard to keep details about use and effects of the controversial Stingray device secret. But this Wired article points to recently released documents in which the government admits that the device can cause collateral damage to other network users. The controversy has heated to the point that Florida senator Bill Nelson has made statements that such devices will inevitably force lawmakers to come up with new ways to protect privacy — a comment that is remarkable considering that the Stingray is produced by Harris Corporation which is headquartered in Nelson's home state.
Canada

Secret Memo Slams Canadian Police On Inaccurate ISP Request Records 18

Posted by samzenpus
from the tip-of-the-iceberg dept.
An anonymous reader writes Last fall, Daniel Therrien, the government's newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information. Michael Geist now reports that a secret internal memo reveals the situation was far worse, with auditors finding the records from Canada's lead law enforcement agency were unusable since they were "inaccurate and incomplete."
Privacy

AVG Announces Invisibility Glasses 150

Posted by samzenpus
from the now-you-see-it-now-you-don't dept.
BrianFagioli writes So what do these glasses from AVG Innovation Labs actually do? The security firm claims it can protect your identity in this new era of cameras everywhere. From the article: "'Through a mixture of technology and specialist materials, privacy wearables such as invisibility glasses can make it difficult for cameras or other facial recognition technologies to get a clear view of your identity', AVG claims. This is still in the prototype phase of testing, though it has been officially announced at Mobile World Congress in Barcelona. There's a lot of science behind this -- a series of infrared lights surrounding the eyes and nose is not visible to other people, but cameras will pick it up making recognition difficult at best. There's also reflective materials involved, which aids in the blocking, or so it's claimed."
Privacy

How Do You Handle the Discovery of a Web Site Disclosing Private Data? 230

Posted by samzenpus
from the what-to-do-and-what-not-to-do dept.
An anonymous reader writes I recently discovered that a partner web site of a financial institution I do business with makes it trivially easy to view documents that do not belong to me. As in, change the document ID in a URL and view someone else's financial documents. This requires no authentication, only a document URL. (Think along the lines of an online rebate center where you upload documents including credit card statements.) I immediately called customer service and spoke with a perplexed agent who unsurprisingly didn't know what to do with my call. I asked to speak with a supervisor who took good notes and promised a follow-up internally. I asked for a return call but have not yet heard back. In the meantime, I still have private financial information I consider to be publicly available. I'm trying to be responsible and patient in my handling of this, but I am second guessing how to move forward if not quickly resolved. So, Slashdot, how would you handle this situation?
Security

Pharming Attack Targets Home Router DNS Settings 39

Posted by samzenpus
from the protect-ya-neck dept.
msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
Encryption

BlackPhone, In Wake of Gemalto Fallout, Receives $50 Million In Funding 59

Posted by timothy
from the small-steps dept.
An anonymous reader writes The BlackPhone, a $600-plus encrypted Android handset designed to keep the prying eyes of criminals and the government out of mobile communications, is now fully owned by Silent Circle thanks to the company raking in investment cash. Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone's hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted 'enterprise privacy ecosystem' at World Mobile Congress next week. A BlackPhone tablet is on the way, too.
Twitter

Twitter Adds "Report Dox" Option 101

Posted by timothy
from the better-late-than-never dept.
AmiMoJo writes Twitter announced that its abuse-report system, which was recently refined to simplify and shorten the reporting process, has now expanded to allow users to report content such as self-harm incidents and "the sharing of private and confidential information" (aka doxing). The announcement, posted by Twitter Vice President of User Services Tina Bhatnagar, explained that December's report-process update was met with a "tripling" of the site's abuse support staff, which has led to a quintupling of abuse report processing. Chat logs recently revealed how Twitter is used by small groups to create vast harassment campaigns, thanks to sock puppet account and relative anonymity.
Facebook

Facebook Puts Users On Suicide Watch 186

Posted by samzenpus
from the keeping-an-eye-on-things dept.
Mark Wilson writes A few months ago Twitter was criticized for teaming up with suicide prevention charity Samaritans to automatically monitor for key words and phrases that could indicate that someone was struggling to cope with life. Despite the privacy concerns that surrounded Samaritans Radar, Facebook has decided that it is going to launch a similar program in a bid to prevent suicides. Working with mental health organizations including Forefront, Now Matters Now, the National Suicide Prevention Lifeline, and Save.org, Facebook aims to provide greater help and support for anyone considering suicide or self-harm.
Security

OPSEC For Activists, Because Encryption Is No Guarantee 89

Posted by Soulskill
from the protect-yourself-before-somebody-wrecks-yourself dept.
Nicola Hahn writes: "In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that "there's no scenario in which we don't want really strong encryption."

Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto's network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.

The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It's called Operational Security (OPSEC), a topic that hasn't received much coverage — but it should.
The Internet

FCC Approves Net Neutrality Rules 631

Posted by Soulskill
from the done-and-done dept.
muggs sends word that the U.S. Federal Communications Commission has voted 3-2 to approve an expansion of their ability to regulate ISPs by treating them as a public utility. Under the rules, it will be illegal for companies such as Verizon or Cox Communications to slow down streaming videos, games and other online content traveling over their networks. They also will be prohibited from establishing "fast lanes" that speed up access to Web sites that pay an extra fee. And in an unprecedented move, the FCC could apply the rules to wireless carriers such as T-Mobile and Sprint -- a nod to the rapid rise of smartphones and the mobile Internet. ... The FCC opted to regulate the industry with the most aggressive rules possible: Title II of the Communications Act, which was written to regulate phone companies. The rules waive a number of provisions in the act, including parts of the law that empower the FCC to set retail prices — something Internet providers feared above all. However, the rules gives the FCC a variety of new powers, including the ability to: enforce consumer privacy rules; extract money from Internet providers to help subsidize services for rural Americans, educators and the poor; and make sure services such as Google Fiber can build new broadband pipes more easily.
Security

Schneier: Everyone Wants You To Have Security, But Not From Them 114

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes: Bruce Schneier has written another insightful piece about the how modern tech companies treat security. He points out that most organizations will tell you to secure your data while at the same time asking to be exempt from that security. Google and Facebook want your data to be safe — on their servers so they can analyze it. The government wants you to encrypt your communications — as long as they have the keys. Schneier says, "... we give lots of companies access to our data because it makes our lives easier. ... The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. ... We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy.
Encryption

Moxie Marlinspike: GPG Has Run Its Course 308

Posted by Soulskill
from the end-to-end-before-the-ends-moved dept.
An anonymous reader writes: Security researcher Moxie Marlinspike has an interesting post about the state of GPG-encrypted communications. After using GPG for much of its lifetime, he says he now dreads getting a GPG-encrypted email in his inbox. "Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It's up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words. Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the "strong set," and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today's standards, that's a shockingly small user base for a month of activity, much less 20 years." Marlinspike concludes, "I think of GPG as a glorious experiment that has run its course. ... GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography."
Businesses

Can Tracking Employees Improve Business? 87

Posted by Soulskill
from the he-hasn't-gotten-out-of-his-chair-for-11-hours-i-think-he-might-be-dead dept.
An anonymous reader writes: The rise of wearable technologies and big-data analytics means companies can track their employees' behavior if they think it will improve the bottom line. Now an MIT Media Lab spinout called Humanyze has raised money to expand its technology pilots with big companies. The startup provides sensor badges and analytics software that tracks how and when employees communicate with customers and each other. Pilots with Bank of America and Deloitte have led to significant business improvements, but workplace privacy is a big concern going forward.
AI

Facebook AI Director Discusses Deep Learning, Hype, and the Singularity 71

Posted by timothy
from the you-like-this dept.
An anonymous reader writes In a wide-ranging interview with IEEE Spectrum, Yann LeCun talks about his work at the Facebook AI Research group and the applications and limitations of deep learning and other AI techniques. He also talks about hype, 'cargo cult science', and what he dislikes about the Singularity movement. The discussion also includes brain-inspired processors, supervised vs. unsupervised learning, humanism, morality, and strange airplanes.
Cellphones

Pakistanis Must Provide Fingerprints Or Give Up Cellphone 134

Posted by Soulskill
from the must-donate-kidney-to-keep-tablet dept.
schwit1 sends this report from the Washington Post: Cellphones didn't just arrive in Pakistan. But someone could be fooled into thinking otherwise, considering the tens of millions of Pakistanis pouring into mobile phone stores these days. In one of the world's largest — and fastest — efforts to collect biometric information, Pakistan has ordered cellphone users to verify their identities through fingerprints for a national database being compiled to curb terrorism. If they don't, their service will be shut off, an unthinkable option for many after a dozen years of explosive growth in cellphone usage here.

Prompted by concerns about a proliferation of illegal and untraceable SIM cards, the directive is the most visible step so far in Pakistan's efforts to restore law and order after Taliban militants killed 150 students and teachers at a school in December. Officials said the six terrorists who stormed the school in Peshawar were using cellphones registered to one woman who had no obvious connection to the attackers.