
  • German Intelligence Spying On Allies, Recorded Kerry, Clinton, and Kofi Annan

    cold fjord writes: According to Foreign Policy, "The revelation that Germany spies on Turkey, a NATO member, should dispel any notion that spying on allies violates the unwritten rules of international espionage. ... For nearly a year, the extent of NSA surveillance on German leaders ... has drawn stern rebuke from the German political and media establishment. ... Merkel went so far as to publicly oust the CIA station chief in Berlin. 'Spying among friends is not at all acceptable,' Merkel said. ... [C]alls made by Secretary of State John Kerry and former Secretary of State Hillary Clinton were accidentally recorded. ... 'It's a kind of delightful revelation given the fact that the Germans have been on their high horse.' Christian Whiton, a former ... State Department senior advisor, added that the report on German spying is a perfect example of why rifts over intelligence among allies should be handled quietly and privately." The Wall Street Journal adds, "Cem Özdemir, the head of the Green party and a leading German politician of Turkish descent, told Spiegel Online it would be 'irresponsible' for German spies not to target Turkey given its location as a transit country for Islamic State militants from Europe." Further details at Spiegel Online and The Wall Street Journal.

    140 comments | yesterday

  • Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool

    Advocatus Diaboli writes with this excerpt from Heise: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail. Also from the article: The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration) (Figure 4). Given that in the meantime, port scanning tools like Zmap have been developed which allow anyone to do comprehensive scans, it is not the technology used that is shocking, but rather the gargantuan scale and pervasiveness of the operation.

    58 comments | 3 days ago

  • Snowden: NSA Working On Autonomous Cyberwarfare Bot

    WIRED published a long piece on Edward Snowden today (worth a read on its own), and simultaneously broke news of "MonsterMind," an NSA program to monitor all network traffic and detect attacks, responding with a counterattack automatically. From the article: Although details of the program are scant, Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat. More than this, though, Snowden suggests MonsterMind could one day be designed to return fire — automatically, without human intervention... Snowden raised two issues with the program: the source of an attack could be spoofed to trick the U.S. into attacking an innocent third party, and the violation of the fourth amendment since the NSA would effectively need to monitor all domestic network traffic for the program to work. Also in Bamford's interview are allegations that the NSA knocked Syria offline in 2012 after an attempt to install intercept software on an edge router ended with the router being bricked.

    194 comments | about a week ago

  • New NSA-Funded Code Rolls All Programming Languages Into One

    An anonymous reader writes "What's your favorite programming language? Is it CSS? Is it JavaScript? Is it PHP, HTML5, or something else? Why choose? A new programming language developed by researchers at Carnegie Mellon University is all of those and more — one of the world's first "polyglot" programming languages. Sound cool? It is, except its development is partially funded by the National Security Agency, so let's look at it with a skeptical eye. It's called Wyvern — named after a mythical dragon-like thing that only has two legs instead of four — and it's supposed to help programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files."

    306 comments | about two weeks ago

  • Silent Circle's Blackphone Exploited at Def Con

    Def Con shows no mercy. As gleefully reported by several Blackberry-centric sites, researcher Justin Case yesterday demonstrated that he could root the much-heralded Blackphone in less than five minutes. From n4bb.com's linked report: "However, one of the vulnerabilities has already been patched and the other only exploitable with direct user consent. Nevertheless, this only further proves you cannot add layers of security on top of an underlying platform with security vulnerabilities." Case reacts via Twitter to the crowing: "Hey BlackBerry idiots, stop miss quoting me on your blogs. Your phone is only "secure" because it has few users and little value as a target."

    46 comments | about two weeks ago

  • Cornering the Market On Zero-Day Exploits

    Nicola Hahn (1482985) writes Kim Zetter of Wired Magazine has recently covered Dan Geer's keynote speech at Black Hat USA. In his lengthy address Geer, representing the CIA's venture funding arm, suggested that one way that the United States government could improve cyber security would be to use its unparalleled budget to buy up all the underground's zero-day vulnerabilities.

    While this would no doubt make zero-day vendors like VUPEN and middlemen like the Grugq very wealthy, is this strategy really a good idea? Can the public really trust the NSA to do the right thing with all those zero-day exploits? Furthermore, recall the financial meltdown of 2008 where the public paid the bill for Wall Street's greed. If the government pays for information on all these unpatched bugs would society simply be socializing the cost of hi-tech's sloppy engineering? Whose interests does this "corner-the-market" approach actually serve?

    118 comments | about two weeks ago

  • Google Will Give a Search Edge To Websites That Use Encryption

    As TechCrunch reports, Google will begin using website encryption, or HTTPS, as a ranking signal – a move which should prompt website developers who have dragged their heels on increased security measures, or who debated whether their website was “important” enough to require encryption, to make a change. Initially, HTTPS will only be a lightweight signal, affecting fewer than 1% of global queries, says Google. ... Over time, however, encryption’s effect on search ranking [may] strengthen, as the company places more importance on website security. ... While HTTPS and site encryption have been a best practice in the security community for years, the revelation that the NSA has been tapping the cables, so to speak, to mine user information directly has prompted many technology companies to consider increasing their own security measures, too. Yahoo, for example, also announced in November its plans to encrypt its data center traffic.

    148 comments | about two weeks ago

  • Snowden Granted 3 More Years of Russian Residency

    SiggyRadiation writes Edward Snowden is allowed to stay in Russia for three more years. According to the NYPost: "His lawyer, Anatoly Kucherena, was quoted by Russian news agencies on Thursday as saying Snowden now has been granted residency for three more years, but that he had not been granted political asylum. That status, which would allow him to stay in Russia permanently, must be decided by a separate procedure, Kucherena said, but didn't say whether Snowden is seeking it." The question that remains, of course, is did the Russians use this as leverage over him to get to more information or influence him? Or is the positive PR in itself enough for the Russians in the current climate of tensions and economic sanctions relating to the Ukraine crisis?

    266 comments | about two weeks ago

  • 40% Of People On Terror Watch List Have No Terrorist Ties

    Advocatus Diaboli (1627651) writes with the chilling, but not really surprising, news that the U.S. government is aware that many names in its terrorist suspect database are not linked to terrorism in any way. From the article: Nearly half of the people on the U.S. government's widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government's Terrorist Screening Database — a watchlist of "known or suspected terrorists" that is shared with local law enforcement agencies, private contractors, and foreign governments — more than 40 percent are described by the government as having "no recognized terrorist group affiliation." That category — 280,000 people — dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

    256 comments | about two weeks ago

  • EFF: US Gov't Bid To Alter Court Record in Jewel v. NSA

    The EFF is only today able to release details of an attempt by the government to alter the historical record in the case brought by the EFF against the NSA in Jewel v. NSA. "On June 6, the court held a long hearing in Jewel in a crowded, open courtroom, widely covered by the press. We were even on the local TV news on two stations. At the end, the Judge ordered both sides to request a transcript since he ordered us to do additional briefing. But when it was over, the government secretly, and surprisingly sought permission to "remove" classified information from the transcript, and even indicated that it wanted to do so secretly, so the public could never even know that they had done so." As you'd expect of the EFF, they fought back with vigorous objections, and in the end the government did not get its way, instead deciding that it hadn't given away any classified information after all. "The transcript of a court proceeding is the historical record of that event, what will exist and inform the public long after the persons involved are gone. The government's attempt to change this history was unprecedented. We could find no example of where a court had granted such a remedy or even where such a request had been made. This was another example of the government's attempt to shroud in secrecy both its own actions, as well as the challenges to those actions. We are pleased that the record of this attempt is now public. But should the situation recur, we will fight it as hard as we did this time."

    78 comments | about two weeks ago

  • Want To Work Without Prying Eyes? Try Wearing a Body Sock

    Nerval's Lobster writes The "Compubody Sock," which anyone with knitting skills can make at home, is a giant sock-hoodie-bag in which you place your laptop or tablet, along with your head and hands, giving you total privacy while freaking out anyone who happens to be sitting next to you. Designer Becky Stern told Forbes' Kashmir Hill that the Sock was meant more as commentary on privacy and device addiction; even so, considering how NSA employees reportedly drape themselves in hoods in order to thwart hidden cameras while typing in passwords, it's not outside the realm of possibility that an ultra-paranoid someone could find a practical use for a body sock. But that paranoid android better have expert knitting skills: putting together the Sock necessitates a whole lot of steps ("Purl 5, purl 2 together, purl 1, turn the work," etc.). Your other option, of course, is to simply avoid working on sensitive stuff in public.

    75 comments | about two weeks ago

  • The CIA Does Las Vegas

    Nicola Hahn (1482985) writes Despite the long line of covert operations that Ed Snowden's documents have exposed, public outcry hasn't come anywhere near the level of social unrest that characterized the 1960s. Journalists like Conor Friedersdorf have suggested that one explanation for this is that the public is "informed by a press that treats officials who get caught lying and misleading (e.g., James Clapper and Keith Alexander) as if they're credible."

    Certainly there are a number of well-known popular venues which offer a stage for spies to broadcast their messages from while simultaneously claiming to "cultivate conversations among all members of the security community, both public and private." This year, for instance, Black Hat USA will host Dan Geer (the CISO of In-Q-Tel) as a keynote speaker.

    But after all of the lies and subterfuge is it even constructive to give voice to the talking points of intelligence officials? Or are they just muddying the water? As one observer put it, "high-profile members of the intelligence community like Cofer Black, Shawn Henry, Keith Alexander, and Dan Geer are positioned front and center in keynote slots, as if they were glamorous Hollywood celebrities. While those who value their civil liberties might opine that they should more aptly be treated like pariahs."

    124 comments | about three weeks ago

  • CIA Director Brennan Admits He Was Lying: CIA Really Did Spy On Congress

    Bruce66423 (1678196) writes with this story from the Guardian: The director of the Central Intelligence Agency, John Brennan, issued an extraordinary apology to leaders of the US Senate intelligence committee on Thursday, conceding that the agency employees spied on committee staff and reversing months of furious and public denials. Brennan acknowledged that an internal investigation had found agency security personnel transgressed a firewall set up on a CIA network, called RDINet, which allowed Senate committee investigators to review agency documents for their landmark inquiry into CIA torture. (Sen. Dianne Feinstein was one of those vocally accusing the CIA of spying on Congress; Sen. Bernie Sanders has raised a similar question about the NSA.)

    266 comments | about three weeks ago

  • Journalist Sues NSA For Keeping Keith Alexander's Financial History Secret

    Daniel_Stuckey writes Now the NSA has yet another dilemma on its hands: Investigative journalist Jason Leopold is suing the agency for denying him the release of financial disclosure statements attributable to its former director. According to a report by Bloomberg, prospective clients of Alexander's, namely large banks, will be billed $1 million a month for his cyber-consulting services. Recode.net quipped that for an extra million, Alexander would show them the back door (state-installed spyware mechanisms) that the NSA put in consumer routers.

    200 comments | about three weeks ago

  • Black Hat Researchers Actively Trying To Deanonymize Tor Users

    An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.

    82 comments | about three weeks ago

  • Senate Bill Would Ban Most Bulk Surveillance

    An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."

    176 comments | about three weeks ago

  • When Spies and Crime-Fighters Squabble Over How They Spy On You

    The Washington Post reports in a short article on the sometimes strange, sometimes strained relationship between spy agencies like the NSA and CIA and law enforcement (as well as judges and prosecutors) when it comes to evidence gathered using technology or techniques that the spy agencies would rather not disclose at all, never mind explain in detail. They may both be arms of the U.S. government, but the spy agencies and the law enforcers covet different outcomes. From the article: [S]ometimes it's not just the tool that is classified, but the existence itself of the capability — the idea that a certain type of communication can be wiretapped — that is secret. One former senior federal prosecutor said he knew of at least two instances where surveillance tools that the FBI criminal investigators wanted to use "got formally classified in a big hurry" to forestall the risk that the technique would be revealed in a criminal trial. "People on the national security side got incredibly wound up about it," said the former official, who like others interviewed on the issue spoke on condition of anonymity because of the topic’s sensitivity. "The bottom line is: Toys get taken away and put on a very, very high shelf. Only people in the intelligence community can use them." ... The DEA in particular was concerned that if it came up with a capability, the National Security Agency or CIA would rush to classify it, said a former Justice Department official.

    120 comments | about three weeks ago

  • The NSA's New Partner In Spying: Saudi Arabia's Brutal State Police

    Advocatus Diaboli sends this news from The Intercept: The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world's most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency's plans "to provide direct analytic and technical support" to the Saudis on "internal security" matters. The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that "Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse," specifically mentioning a 2011 episode in which MOI agents allegedly "poured an antiseptic cleaning liquid down [the] throat" of one human rights activist. The report also notes the MOI's use of invasive surveillance targeted at political and religious dissidents.

    125 comments | about three weeks ago

  • Dutch Court Says Government Can Receive Bulk Data from NSA

    jfruh (300774) writes Dutch law makes it illegal for the Dutch intelligence services to conduct mass data interception programs. But, according to a court in the Hague, it's perfectly all right for the Dutch government to request that data from the U.S.'s National Security Agency, and doing so doesn't violate any treaties or international law.

    109 comments | about a month ago

  • Dropbox Head Responds To Snowden Claims About Privacy

    First time accepted submitter Carly Page writes When asked for its response to Edward Snowden's claims that "Dropbox is hostile to privacy", Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned however that if users do, not all of the service's features will work. Head of Product at Dropbox for Business Ilya Fushman says: "We have data encrypted on our servers. We think of encryption beyond that as a user's choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps.... It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."

    176 comments | about a month ago
