Tor Network May Be Attacked, Says Project Leader

timothy posted yesterday | from the routing-around-the-routing-around dept.

Communications 83

Earthquake Retrofit writes The Register is reporting that the Tor Project has warned that its network – used to mask people's identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

Soulskill posted 2 days ago | from the just-look-less-hackable-than-the-schmuck-next-to-you dept.

Sony 325

phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Soulskill posted 2 days ago | from the just-in-case-you-were-feeling-safe-and-secure-today dept.

Security 88

krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.

Councilmen Introduce Bills Strongly Regulating UAV Use in NYC

timothy posted 3 days ago | from the man-vs-the-state dept.

Crime 68

SternisheFan passes on this excerpt from an Ars Technica article: On Wednesday Councilman Dan Garodnick introduced a bill to the New York City council seeking to ban all use of drones except those operated by police officers who obtain warrants. A second, parallel bill introduced by councilman Paul Vallone would place more stringent restrictions on drone use but stop short of banning drones for hobbyists and companies altogether. Both bills have been passed to the city's committee on public safety. An all-out ban on drones within the metropolis would be a quite wide-reaching step, especially as the Federal Aviation Authority (FAA) seems poised to adopt more permissive rules, with respect to commercial interests in particular. Earlier this year, the FAA formally granted six Hollywood companies exemptions to drone ban rules. A couple of months later, the FAA granted similar exemptions for construction site monitoring and oil rig flare stack inspections. The article explains that Vallone's bill is less restrictive, and rather than propose an outright ban "lists 10 instances where operating a UAV would be illegal, including at night, out of the operator's eyesight, or above 400 ft high. Outside of those conditions, hobbyists and commercial interests would be free to fly drones."

RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft

samzenpus posted 3 days ago | from the keeping-it-in dept.

Crime 110

An anonymous reader writes A pair of trousers and blazer have been developed by San Francisco-based clothing company Betabrand and anti-virus group Norton that are able to prevent identity theft by blocking wireless signals. The READY Active Jeans and the Work-It Blazer contain RFID-blocking fabric within the pockets' lining designed to prevent hacking through radio frequency identification (RFID) signals emitted from e-passports and contactless payment card chips. According to the clothing brand, this form of hacking is an increasing threat, with "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015."

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Soulskill posted 4 days ago | from the part-and-parcel dept.

Verizon 166

An anonymous reader sends this quote from TechDirt: As a string of whistle blowers like former AT&T employee Mark Klein have made abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.

Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.

Uber Limits 'God View' To Improve Rider Privacy

Soulskill posted 5 days ago | from the enabled-by-typing-iddqd dept.

Privacy 76

mpicpp sends this report from CNN: Uber has rolled back employee access to its "God view" mode, which allows the company to track riders' locations and other data. The ride service company was faced with questions about its privacy policies from U.S. Senator Al Franken, following a series of recent privacy debacles. Uber's updated policy is detailed in its response to the senator's questions. Franken sent Uber a letter (PDF, Uber's response) in November after news reports made two things clear: The ride service company collects lots of data on customers — and some executives don't exercise that power responsibly. In one case, an Uber employee using "God View" easily tracked a reporter's movements on her way to a meeting.

Microsoft Gets Industry Support Against US Search Of Data In Ireland

timothy posted 5 days ago | from the encrypt-what-you-must dept.

Privacy 137

An anonymous reader writes Tech giants such as Apple and eBay have given their support in Microsoft's legal battle against the U.S. government regarding the handing over of data stored in an Irish datacenter. In connection with a 2014 drugs investigation, U.S. prosecutors issued a warrant for emails stored by Microsoft in Ireland. The firm refused to hand over the information, but in July was ordered by a judge to comply with the investigation. Microsoft has today filed a collection of letters from industry supporters, such as Apple, eBay, Cisco, Amazon, HP, and Verizon. Trade associations including the U.S. Chamber of Commerce and Digital Rights Ireland have also expressed their support.

Federal Court Nixes Weeks of Warrantless Video Surveillance

timothy posted 5 days ago | from the if-you-watch-someone-long-enough dept.

Electronic Frontier Foundation 440

An anonymous reader writes with this news from the EFF's Deep Links: The public got an early holiday gift today when a federal court agreed with us that six weeks of continually video recording the front yard of someone's home without a search warrant violates the Fourth Amendment. In United States v. Vargas local police in rural Washington suspected Vargas of drug trafficking. In April 2013, police installed a camera on top of a utility pole overlooking his home. Even though police did not have a warrant, they nonetheless pointed the camera at his front door and driveway and began watching every day. A month later, police observed Vargas shoot some beer bottles with a gun and because Vargas was an undocumented immigrant, they had probable cause to believe he was illegally possessing a firearm. They used the video surveillance to obtain a warrant to search his home, which uncovered drugs and guns, leading to a federal indictment against Vargas.

Snowden Leaks Prompt Internet Users Worldwide To Protect Their Data

Soulskill posted 5 days ago | from the for-differing-values-of-"protect" dept.

Privacy 53

Lucas123 writes: A new international survey of internet users from 24 countries has found that more than 39% of them have taken steps to protect their data since Edward Snowden leaked the NSA's spying practices. The survey, conducted by the Center for International Governance Innovation, found that 43% of Internet users now avoid certain websites and applications and 39% change their passwords regularly. Security expert Bruce Schneier chastised the media for trying to downplay the numbers by saying "only 39%" have taken action and "only 60%" have heard of Snowden. The news articles, "are completely misunderstanding the data," Schneier said, pointing out that by combining data on Internet penetration with data from the international survey, it works out to 706 million people who are now taking steps to protect their online data. Additionally, two-thirds (64%) of users indicated they are more concerned today about online privacy than they were a year ago. Another notable finding: 83% of users believe that affordable access to the Internet should be a basic human right.

Govt Docs Reveal Canadian Telcos Promise Surveillance Ready Networks

samzenpus posted about a week ago | from the we'll-do-it-for-you dept.

Canada 74

An anonymous reader writes Michael Geist reports that Canadian telecom and Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. Hoping to avoid legislative requirements, the providers argue that "the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications."

Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

samzenpus posted about a week ago | from the no-snooping-zone dept.

Google 281

jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.

Hollywood's Secret War With Google

Soulskill posted about a week ago | from the a-war-they'll-fight-aggressively-to-lose dept.

Google 176

cpt kangarooski writes: Information has come to light (thanks to the recent Sony hack) that the MPAA and six major studios are pondering the legal actions available to them to compel an entity referred to as 'Goliath,' most likely Google, into taking aggressive anti-piracy action on behalf of the entertainment industry. The MPAA and member studios Universal, Sony, Fox, Paramount, Warner Bros., and Disney have had lengthy email discussions concerning how to block pirate sites at the ISP level, and how to take action at the state level to work around the failure of SOPA in 2012. Emails also indicate that they are working with Comcast (which owns Universal) on some form of traffic inspection to find copyright infringements as they happen.

Is Enterprise IT More Difficult To Manage Now Than Ever?

Soulskill posted about two weeks ago | from the get-off-my-virtualized-lawn dept.

Businesses 241

colinneagle writes: Who's old enough to remember when the best technology was found at work, while at home we got by with clunky home computers and pokey dial-up modems? Those days are gone, and they don't look like they're ever coming back.

Instead, today's IT department is scrambling to deliver technology offerings that won't get laughed at — or, just as bad, ignored — by a modern workforce raised on slick smartphones and consumer services powered by data centers far more powerful than the one their company uses. And those services work better and faster than the programs they offer, partly because consumers don't have to worry about all the constraints that IT does, from security and privacy to, you know, actually being profitable. Plus, while IT still has to maintain all the old desktop apps, it also needs to make sure mobile users can do whatever they need to from anywhere at any time.

And that's just the users. IT's issues with corporate peers and leaders may be even rockier. Between shadow IT and other Software-as-a-Service, estimates say that 1 in 5 technology operations dollars are now being spent outside the IT department, and many think that figure is actually much higher. New digital initiatives are increasingly being driven by marketing and other business functions, not by IT. Today's CMOs often outrank the CIO, whose role may be constrained to keeping the infrastructure running at the lowest possible cost instead of bringing strategic value to the organization. Hardly a recipe for success and influence.

Bank Security Software EULA Allows Spying On Users

timothy posted about two weeks ago | from the even-for-a-eula-that's-bad dept.

Privacy 135

An anonymous reader writes Trusteer Rapport, a software package whose installation is promoted by several major banks as an anti-fraud tool, has recently been acquired by IBM and has an updated EULA. Among other things, the new EULA includes this gem: "In addition, You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer that IBM security experts suspect may be related to malware or other malicious activity, or that may be associated with general Program malfunction." Welcome to the future...

How Your In-Store Shopping Affects the Ads You See On Facebook

timothy posted about two weeks ago | from the one-country-one-nation-one-singular-sensation dept.

Social Networks 69

itwbennett writes Facebook has made several acquisitions over the years to help advertisers target their ads and extend their reach. Custom Audiences is one such targeting tool, allowing retailers to match shoppers in their stores with their accounts on Facebook. It's often done through an email address, phone number or name. Facebook won't give hard numbers, but there seems to be a lot of matching going on. For decades, marketers have been trying to understand more about what's happening at the point of sale, 'so their systems are really robust at capturing a strikingly large amount of transactions,' says Brian Boland, Facebook's VP of advertising technology.

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

timothy posted about two weeks ago | from the stinkin'-badges-apparently-suffice dept.

Communications 379

Prune writes Congress has quietly passed an Intelligence Authorization Bill that includes warrantless forfeiture of private communications to local law enforcement. Representative Justin Amash unsuccessfully attempted a late bid to oppose the bill, which passed 325-100. According to Amash, the bill "grants the executive branch virtually unlimited access to the communications of every American." According to the article, a provision in the bill allows “the acquisition, retention, and dissemination” of Americans’ communications without a court order or subpoena. That type of collection is currently allowed under an executive order that dates back to former President Reagan, but the new stamp of approval from Congress was troubling, Amash said. Limits on the government’s ability to retain information in the provision did not satisfy the Michigan Republican.

Canadian Supreme Court Rules In Favor of Warrantless Cellphone Searches

timothy posted about two weeks ago | from the eh?-speak-up-sonny dept.

Canada 105

An anonymous reader writes In a surprising decision, a split Supreme Court of Canada ruled this morning that police can search cellphones without a warrant incident to an arrest. The majority established some conditions, but ultimately ruled that it could navigate the privacy balance by establishing some safeguards with the practice. Michael Geist notes that a strongly worded dissent disagreed, emphasizing the privacy implications of access to cellphones and the need for judicial pre-authorization as the best method of addressing the privacy implications. The U.S. Supreme Court's June 2014 decision in Riley addressed similar issues and ruled that a warrant is needed to search a phone.

Microsoft To US Gov't: the World's Servers Are Not Yours For the Taking

Soulskill posted about two weeks ago | from the back-off dept.

United States 192

Microsoft is currently fighting a legal battle with the U.S. government, who wants to search the company's servers in Ireland using a U.S. search warrant. An anonymous reader points out a new court filing from Microsoft that argues the U.S. itself would never stand for such reasoning from other governments. Microsoft General Counsel Brad Smith writes, If the Government prevails, how can it complain if foreign agents require tech companies to download emails stored in the U.S.? This is a question the Department of Justice hasn’t yet addressed, much less answered. Yet the Golden Rule applies to international relations as well as to other human interaction. In one important sense, the issues at stake are even bigger than this. The Government puts at risk the fundamental privacy rights Americans have valued since the founding of the postal service. This is because it argues that, unlike your letters in the mail, emails you store in the cloud cease to belong exclusively to you. Instead, according to the Government, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the Government claims it can use a different and broader legal authority to reach emails stored anywhere in the world.
