Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

More on the GCHQ Hack Involving Slashdot Users: Official Statement

slashdotblog (2739829) writes | about 9 months ago

User Journal 19

Over the weekend, Der Spiegel reported that among Edward Snowden's continuing bonanza of revelations about government surveillance is one that GCHQ, the British spy agency, intercepted user requests to certain websites — Slashdot and LinkedIn, in particular — and spoofed them in order to install spyware on users' computers. As you might expect, the agency denies knowledge.

Here's the official statement from Slashdot's parent company, Dice Holdings:

"We were alerted to these reported government agency actions by a submission on Slashdot made by the community Sunday evening linking to news stories. To be clear, we have not been asked to cooperate with any government agency related to this matter and have not provided access to Slashdot systems or user information. We know of no unauthorized Slashdot code manipulation, or attempts to effect any. We do not approve of this reported activity and if true, it's unfortunate that we are yet another in a long line of internet businesses to suffer this type of intrusion."

This is probably something that should surprise no one: claims, many of them credible and recent, point to various ways in which some well-known web sites and online services (Microsoft, Google, Yahoo, AT&T, Facebook, AOL, Skype, Apple, YouTube, and more) have all been affected by alleged government surveillance of one kind or another.

Being offended (as we on the editorial and coder team at Slashdot all are) by even a hint at spying on readers doesn't help in itself, so here are some practical notes: Nothing here involves Slashdot's code base or user data: the allegation is of transparent proxies between website (LinkedIn and Slashdot happen to be mentioned, but most likely many others) and user. The spoofing and malware injection said to have taken place relies on the fact that between practically any server on the internet and the end user, there are compromisable links. However, it's probably a wise policy to assume that you never know all the possible ways your privacy may be compromised online.

Please keep in mind, too, that Slashdot has long enabled and encouraged anonymous participation; you are welcome to read the site, leave comments, and submit stories, without logging in. (Logged in readers can read with SSL turned on, though.)

Over the weekend, Der Spiegel reported that among Edward Snowden's continuing bonanza of revelations about government surveillance is one that GCHQ, the British spy agency, intercepted user requests to certain websites — Slashdot and LinkedIn, in particular — and spoofed them in order to install spyware on users' computers. As you might expect, the agency denies knowledge.

Here's the official statement from Slashdot's parent company, Dice Holdings:

"We were alerted to these reported government agency actions by a submission on Slashdot made by the community Sunday evening linking to news stories. To be clear, we have not been asked to cooperate with any government agency related to this matter and have not provided access to Slashdot systems or user information. We know of no unauthorized Slashdot code manipulation, or attempts to effect any. We do not approve of this reported activity and if true, it's unfortunate that we are yet another in a long line of internet businesses to suffer this type of intrusion."

This is probably something that should surprise no one: claims, many of them credible and recent, point to various ways in which some well-known web sites and online services (Microsoft, Google, Yahoo, AT&T, Facebook, AOL, Skype, Apple, YouTube, and more) have all been affected by alleged government surveillance of one kind or another.

Being offended (as we on the editorial and coder team at Slashdot all are) by even a hint at spying on readers doesn't help in itself, so here are some practical notes: Nothing here involves Slashdot's code base or user data: the allegation is of transparent proxies between website (LinkedIn and Slashdot happen to be mentioned, but most likely many others) and user. The spoofing and malware injection said to have taken place relies on the fact that between practically any server on the internet and the end user, there are compromisable links. However, it's probably a wise policy to assume that you never know all the possible ways your privacy may be compromised online.

Please keep in mind, too, that Slashdot has long enabled and encouraged anonymous participation; you are welcome to read the site, leave comments, and submit stories, without logging in. (Logged in readers can read with SSL turned on, though.)

cancel ×

19 comments

Don't boast... (1)

CaptainOfSpray (1229754) | about 9 months ago | (#45393381)

Dear GCHQ employees, do NOT ever tell me that you work for GCHQ. An incident amounting to a Breach of Public Order may result (varying from me pouring my pint over your head) to me smashing a glass in your smug little face.

Now fuck off and get yourself a Proper Job (TM).

Re:Don't boast... (0)

Anonymous Coward | about 9 months ago | (#45398923)

It takes a big man to threaten people with violence over the internet. Bravo, sir! Vive la revolution of sitting around on your arse shouting fantasy scenarios at shadows.

ssl for slashdot ? (1)

Anonymous Coward | about 9 months ago | (#45393445)

please enlighten us on how to enable ssl for slashdot, if i put https before the url it simply forwards to http again :(

of course it doesn't work (0)

Anonymous Coward | about 9 months ago | (#45397111)

You're behind the GCHQ proxy.

SSL!? (4, Insightful)

kbHL (194078) | about 9 months ago | (#45393633)

"Logged in readers can read with SSL turned on, though."

And how exactly does this work? I haven't found andy option for this

Re:SSL!? (2)

philip.paradis (2580427) | about 9 months ago | (#45393707)

I just spent ten minutes going through the mess of preferences and options for my account, and have also failed to find any HTTPS toggle.

Re:SSL!? (1)

Luthair (847766) | about 9 months ago | (#45393713)

Attempting to simply change the scheme doesn't appear to work either.

Re:SSL!? (0)

Anonymous Coward | about 8 months ago | (#45432343)

its took me 3 seconds to get to https://slashdot.org/my/login

Re:SSL!? (3, Informative)

c0lo (1497653) | about 9 months ago | (#45397063)

"Logged in readers can read with SSL turned on, though."

Seems to be a lie. Well... such times we are living.

Re:SSL!? (1)

L4t3r4lu5 (1216702) | about 9 months ago | (#45398797)

Also recently disabled posting comments over Tor.

So much for supporting anonymity. Can't serve those adverts to truly anonymous participants, right?

SSL? How, exactly? (0)

Anonymous Coward | about 9 months ago | (#45393781)

(Logged in readers can read with SSL turned on, though.)

If this is true, then how can I do this? If I just change http to https, it immediately changes it back, even when I am logged in. I've been through every account and options menu I can find, and I can't see any setting to accomplish this, so how exactly does one enable use of SSL on Slashdot?

(I am posting this question anonymously so as not to look like a complete idiot when the solution turns out to be something obvious I missed.)

Re:SSL? How, exactly? (1)

zrq (794138) | about 9 months ago | (#45396507)

Not just you, I can't get it to work either.

Even kuro5hin has SSL for heaven's sake! (2)

DamnStupidElf (649844) | about 9 months ago | (#45395009)

Of course the certificate expired in April, but it's the thought that counts.

No, I blame Slashdot (0)

Anonymous Coward | about 9 months ago | (#45398233)

Enable SSL for all users, also anonymous cowards

Tu bep (1)

tubephanoi2013 (3437087) | about 8 months ago | (#45461207)

"Chúng tôi ã cnh báo v nhng hành ng ca c quan nhà nc báo cáo ca mt trình trên Slashdot thc hin bi các ti ch nht cng ng liên kt vi câu chuyn tin tc. c rõ ràng, chúng tôi ã không c yêu cu hp tác vi các c quan chính ph liên quan n vn này và ã không cung cp truy cp h thng Slashdot hoc thông tin ngi dùng. Chúng tôi bit không có thao tác ang Slashdot trái phép, hoc c gng thc hin bt k. Site: http://tubephanoi.vn/ [tubephanoi.vn]

CCHQ certificate (1)

myblogjames (3438205) | about 8 months ago | (#45470269)

CCHQ certificate is very needed for Trusty Networks Hiring Tips [knowhiringtips.com]

hwo to buy cheap cigarettes online free shipping (1)

fifth0010 (3438545) | about 8 months ago | (#45471103)

i want to buy cheap cigarettes from this website, this is my first time to buy newport cigarettes online in this website: www.cigarettes-onsale.com . hope everything is alright cause the packages already on the way to my states!

goctuki.com (1)

goctuki (3439833) | about 8 months ago | (#45480163)

you can visit http://goctuki.com/ [goctuki.com] and like, sorry because has spam
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...