The Courts

DOJ Official Tells 100 Federal Judges To Use Tor (vice.com) 24

The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers, remembers judge Robert J. Bryan. An anonymous reader quotes a report from Vice: While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects. To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges...

"I almost felt like saying, 'That's not a good way to protect your stuff, because the FBI can go through it like eggshells,'" Bryan continues. Of course, this isn't really true: although the FBI has had some notable successes at identifying criminal suspects on the dark web with technological means, it is not the norm. It's worth remembering Carroll is not the only Justice Department or US law enforcement official to endorse Tor...one FBI agent was also an advocate of Tor.

Security

Microsoft Researchers Reveal Remote Encryption-Bypassing 'Evil Butler' Exploit (softpedia.com) 19

A security researcher demonstrated a way to bypass the full disk encryption in Windows BitLocker last November -- but that attack required physical access. Inserting the PC into a network with a counterfeit domain controller with incorrect time settings "allowed the attacker to poison the credentials cache and set a new password on the targeted device." An anonymous Slashdot reader writes: Microsoft fixed this vulnerability, and then fixed it again when two researchers pointed out in February 2016 that the fix was incomplete. At this year's Black Hat security conference, two Microsoft researchers have discovered a way to carry out the Evil Maid attack from a remote location, even over the Internet.

The two researchers say that an attacker can compromise a PC, configure it to work as a rogue domain controller, and then use Remote Desktop Protocol to access computers (that have open RDP connections) on the same network and carry out the attack from a distance. This particular attack, nicknamed a Remote Evil Butler, can be extremely attractive and valuable for cyber-espionage groups.

The article points out that Microsoft's February fix prevents this exploit, adding "The reason the two Microsoft researchers disclosed this variation of the original attack is to make companies understand the need to keep their systems up to date at all times."
Twitter

Stopping Trolls Is 'Now Life and Death For Twitter', Argues Backchannel (backchannel.com) 176

"This is the year that Twitter's future will be determined," argues Backchannel's editorial director, noting that Twitter's revenue growth is slowing, and "None of the features that cofounder Jack Dorsey has introduced since he returned to the company as CEO last year have succeeded in attracting new users." But Backchannel suggests it's because the trolls "are winning," discouraging new sign-ups and driving existing customers to leave. "We suck at dealing with abuse and trolls on the platform, and we've sucked at it for years," Twitter's CEO wrote in an internal memo in 2015. Backchannel argues bluntly that Twitter "has a hate problem." New submitter mirandakatz writes: It's been exactly three years since Twitter first promised to solve its harassment problem. In those three years, the company has made countless such promises, introducing dozens of new "fixes" and even going so far as to ban notorious troll Milo Yiannopoulos last month. But still, abuse on Twitter continues, and stopping it is now critical to the platform's future success...
"Twitter did an excellent job of inventing a digital platform for realtime idea exchange, but it has yet to create the feature that allows the community itself to ferret out the abusers..." writes Backchannel. "And if it cannot figure out how to eradicate the harassers, Twitter's other challenges will remain intractable."
Sci-Fi

Star Trek Convention Celebrates The Show's 50th Anniversary (cnet.com) 14

An anonymous Slashdot reader writes: CNET has a photo gallery with highlights from this year's Star Trek convention, celebrating the show's 50th anniversary. Highlights include a replica of the time portal from Harlan Ellison's City on the Edge of Forever episode, as well as a weird model of the Enterprise made entirely out of balloons. Special guests included former Star Trek actors Jonathan Frakes, Kirstie Alley, Levar Burton, and Whoopi Goldberg. And William Shatner reportedly made "the Captain Kirkiest stage entrance ever made," then talked about everything from Star Wars and The Twilight Zone to Pokemon Go.
Biotech

Scientist Who Sparked 'A Revolution in Chemistry' Dies at 70 (washingtonpost.com) 10

Ahmed Zewail pioneered a technique for using lasers to monitor chemical reactions, which the Royal Swedish Academy of Sciences said sparked "a revolution in chemistry and adjacent sciences." Slashdot reader Provocateur writes, "The Washington Post has the story...citing his prizewinning research in femtochemistry..."

Slashdot covered Zewail's Nobel prize in 1999, as well as his 2001 claim to have resolved Heisenberg's Uncertainty Principle. "Mathematics, mechanics, and chemistry were among the fields that gave me a special satisfaction..." he says in the Post's article, adding "for reasons unknown (to me), my mind kept asking 'how' and 'why.' "
Crime

32 States Offer Online Voting, But Experts Warn It Isn't Secure (bostonglobe.com) 102

Long-time Slashdot reader Geoffrey.landis writes: According to the Washington Post, 32 states have implemented some form of online voting for the 2016 U.S. presidential election -- even though multiple experts warn that internet voting is not secure. In many cases, the online voting options are for absentee ballots, overseas citizens or military members deployed overseas. According to Verified Voting, "voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections."
And yet 39% of this year's likely voters said they'd choose to vote online if given the option, according to a new article in the Boston Globe, noting that "All 50 states and D.C. send ballots to overseas voters electronically," with Alabama even allowing them to actually cast their ballots through a special web site. "Security is exponentially increased over any other kind of voting because each ballot, as well as the electronic ballot box, has military-grade encryption," argues the founder of the software company that assures the site's security. "She also claims that Web voting is more accurate," reports the Boston Globe. "No more hanging chads or marks on a paper ballot that may be difficult to interpret. Web systems can also save money and can be upgraded or reconfigured as laws change..."
Crime

Edward Snowden Is Not Dead Despite Mysterious Tweets, Says Glenn Greenwald (inquisitr.com) 40

Saturday Slashdot reader MouseTheLuckyDog wrote: Some mysterious goings-on on the web are causing people to ask if everything is alright with Edward Snowden. His last two tweets, since deleted, were a cryptic message...followed a few days later by a 64-character hex string. This combined with the recent move against torrent sites has the more conspiratorially oriented people speculating that perhaps he is dead and various agencies are slamming torrent sites to slow the spread of more Snowden leaks.
Saturday night The Inquisitr reported: The cryptic code tweets led many to believe that Snowden may have been captured or killed and the codes were the result of a "dead man's switch" designed to release if he did not check in to the computer at a certain time. However, a journalist with The Intercept that has worked with the whistleblower in the past says that Snowden is "fine," but would not elaborate further.
On Saturday Glenn Greenwald tweeted simply, "He's fine". While Snowden's first tweet was reported as "It's time," its complete text seems to suggest Snowden was gathering information for a book. "Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It's time." That tweet ended with a URL that led to a tweet by Gellman. "If you have information on the work @Snowden did in the IC, help me tell it truthfully." And Saturday night Gellman also added a message on Twitter for "everyone requesting proof" that Snowden was alive. "Take a deep breath..."
Displays

One Billion Monitors Vulnerable to Hijacking and Spying (vice.com) 114

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."
Medicine

Stem Cell Researchers Can Now Combine Animal and Human Embryos In The US (sciencemag.org) 71

Slashdot reader sciencehabit quotes an article from Science magazine: The National Institutes of Health announced that the agency soon expects to lift a moratorium on funding for controversial experiments that add human stem cells to animal embryos, creating an organism that is part animal, part human. Instead, these so-called chimera studies will undergo an extra layer of ethical review but may ultimately be allowed to proceed.

Although scientists who support such research welcomed the move, some were left trying to parse exactly what the draft policy will mean. It is "a step in the right direction," says Sean Wu, a stem cell researcher at Stanford University in Palo Alto, California, who co-authored a letter to Science last year opposing the moratorium. But "we still don't know what the outcome will be case by case," he adds. However, some see the proposal as opening up research in some areas that had been potentially off-limits.

Experiments could include using animals to grow human organs for transplants, although according to the article, some scientists "worry that the experiments could produce, say, a supersmart mouse."
The Military

The New F-35 Is So Stealthy, It's Harder To Train Pilots (airforcetimes.com) 191

An anonymous reader quotes a report from the Air Force Times: The F-35 Lightning II is so stealthy, pilots are facing an unusual challenge. They're having difficulty participating in some types of training exercises, a squadron commander told reporters Wednesday. During a recent exercise at Mountain Home Air Force Base, Idaho, F-35 squadrons wanted to practice evading surface-to-air threats. There was just one problem: No one on the ground could track the plane. 'If they never saw us, they couldn't target us,' said Lt. Col. George Watkins, the commander of the 34th Fighter Squadron at Hill Air Force Base, Utah. The F-35s resorted to flipping on their transponders, used for FAA identification, so that simulated anti-air weapons could track the planes, Watkins said.
Microsoft

Ask Slashdot: Share Your Experiences With Windows 10 274

Long-time Slashdot reader shanen writes: The Start button is broken on one of my Windows 10 machines. Left click is dead. Fairly well known problem, but none of the solutions from non-Microsoft web pages has fixed it... My little meta-problem of the day is being locked out of Microsoft's so-called support. The email part (on outlook.live.com) works as usual, but every attempt to access the support part returns "Something went wrong and we can't sign you in right now. Please try again later." It's a black hole page with no links or options or suggestions. Once you get there, you are dead to Microsoft. Whenever I try to go to Microsoft support, that's all I've seen for several weeks now...

In general, Windows 10 seems to be a good thing -- but I don't really know how much it is abusing my personal information and privacy. The abusive relationship with Microsoft support is clearly the same, bad as it ever was.

The original submission has more thoughts on the market for consumer operating systems, and asks for suggestions about these two previously-known issues -- a start button that ignores left clicks, and an ongoing lock-out from Microsoft support. But there's obviously much more to talk about -- so share your thoughts in the comments. Have you had any interesting recent experiences with Windows 10?
Networking

Myths Persist About Running Public Wi-Fi in the UK (arstechnica.co.uk) 20

If you're running a Wi-Fi hotspot in the U.K., Ars Technica found most of the available legal advice online was either "ill-informed" or "invented", and "the same wrong advice repeated by multiple sources -- including vendors offering to help clients ensure compliance with the 'rules.'" An anonymous Slashdot reader writes: If you run a public Wi-Fi service, can you be held responsible if someone uses it to infringe copyright, defame someone or commit a crime? Ars Technica examines the situation under English law on intermediary liability, as well as looking at data protection law and obligations (or not) to store traffic data for law enforcement.

According to Ars, much publicised "guidance" for would-be Wi-Fi operators indicates that an operator would be liable, but the legal experts who spoke to Ars are far less convinced.

Businesses

Nigerian Scammers Infect Themselves With Own Malware, Reveal New Fraud Scheme (ieee.org) 36

"A pair of security researchers recently uncovered a Nigerian scammer ring that they say operates a new kind of attack...after a few of its members accidentally infected themselves with their own malware," reports IEEE Spectrum. "Over the past several months, they've watched from a virtual front row seat as members used this technique to steal hundreds of thousands of dollars from small and medium-sized businesses worldwide." Wave723 writes: Nigerian scammers are becoming more sophisticated, moving on from former 'spoofing' attacks in which they impersonated a CEO's email from an external account. Now, they've begun to infiltrate employee email accounts to monitor financial transactions and slip in their own routing and account info...The researchers estimate this particular ring of criminals earns about US $3 million from the scheme.
After they infected their own system, the scammers' malware uploaded screenshots and all of their keystrokes to an open web database, including their training sessions for future scammers and the re-routing of a $400,000 payment. Yet the scammers actually "appear to be 'family men' in their late 20s to 40s who are well-respected, church-going figures in their communities," according to the article. SecureWorks malware researcher Joe Stewart says the scammers are "increasing the economic potential of the region they're living in by doing this, and I think they feel somewhat of a duty to do this."
Crime

Assange Says Wikileaks is 'Working On' Hacking Donald Trump's Tax Return (slate.com) 173

Julian Assange made headlines Friday when talk-show host Bill Maher asked him why Wikileaks wasn't hacking into Donald Trump's tax returns. "Well, we're working on it," Assange replied. But it was apparently the culmination of a larger back-and-forth. An anonymous reader quotes Slate: Earlier in the interview, Maher said it sure looked like Assange was "working with a bad actor, Russia" to hurt "the one person who stands in the way of us being ruled by Donald Trump." Assange then tried to move the conversation toward what he thought was a smoking gun against Maher, saying he had found there was a "William Maher" who "gave a Clinton-affiliated entity $1 million." Maher explained he had famously given President Obama $1 million in 2012 and he never tried to hide it. When Assange pressed on whether he had also given money to Clinton, Maher shot back: "Fuck no."
Slate has a video of the entire interview, and while Friday WikiLeaks was publicizing Assange's appearance on the show on Twitter, Saturday they were tweeting a clarification. "WikiLeaks isn't 'working on' hacking Trump's tax-returns. Claim is a joke from a comedy show. We are 'working on' encouraging whistleblowers."
Privacy

GhostMail Closes in September, Leaves Users Searching For Secure Email Alternatives (zdnet.com) 149

On September 1, "GhostMail will no longer provide secure email services unless you are an enterprise client," reports ZDNet. "According to the company, it is 'simply not worth the risk.'" GhostMail provided a free and anonymous "military encrypted" e-mail service based in Switzerland, and collected "as little metadata" as possible. But this week on its home page, GhostMail told its users "Since we started our project, the world has changed for the worse and we do not want to take the risk of supplying our extremely secure service to the wrong people... In general, we believe strongly in the right to privacy, but we have taken a strategic decision to only supply our platform and services to the enterprise segment."

GhostMail is referring their users to other free services like Protonmail as an alternative, but an anonymous Slashdot reader asks: What options does an average person have for non-NSA-spied-on email? I am sure there are still some Ghostmail competitors out there but I'm wondering if it's better to coax friends and family to use encryption within their given client (Gmail, Yahoo, Outlook, whatever...) And are there any options for hosting a "private" email service: inviting friends and family to use it and have it kind of hosted locally. Ghostmail-in-a-box or some such?
