Encryption

Moxie Marlinspike: GPG Has Run Its Course 300

Posted by Soulskill
from the end-to-end-before-the-ends-moved dept.
An anonymous reader writes: Security researcher Moxie Marlinspike has an interesting post about the state of GPG-encrypted communications. After using GPG for much of its lifetime, he says he now dreads getting a GPG-encrypted email in his inbox. "Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It's up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words. Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the "strong set," and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today's standards, that's a shockingly small user base for a month of activity, much less 20 years." Marlinspike concludes, "I think of GPG as a glorious experiment that has run its course. ... GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography."
Government

Homeland Security Urges Lenovo Customers To Remove Superfish 134

Posted by timothy
from the confessed-fully-as-soon-as-we-were-caught-red-handed dept.
HughPickens.com (3830033) writes "Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites and perform other attacks on Lenovo PCs with the software installed. Lenovo initially said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on.""
Security

US State Department Can't Get Rid of Email Hackers 86

Posted by Soulskill
from the your-government's-computer-is-broadcasting-an-IP-address dept.
An anonymous reader sends this quote from a Wall Street Journal report: Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn't been able to evict them from the network, say three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn't clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.
Businesses

Does Open Data Have a Dark Side? 65

Posted by samzenpus
from the the-good-and-the-bad dept.
itwbennett writes A Forbes article last month explored some of the potentially darker sides of open data — from creating a new kind of digital divide to making an argument in favor of privatizing certain government services. But how real are these downsides of open data? The World Wide Web Foundation's Open Data Program Manager Jose Alonso is unconcerned, telling ITworld's Phil Johnson via email that the WWWF "believes there is no substantial evidence yet that the availability of Open Data leads to the marketization of public services or public spending cuts." But Ben Wellington, a professor in the City & Regional Planning program at the Pratt Institute in Brooklyn, New York and author of the popular blog I Quant NY, takes a more cautious stance, acknowledging that there are some real concerns that may call for regulation. But, at least for now, "there's a lot more innovation and positive things coming out than these corner cases," says Wellington.
Data Storage

Vint Cerf Warns Against 'Digital Dark Age' 166

Posted by Soulskill
from the strangely-silent-on-digital-bronze-age dept.
An anonymous reader writes: Vint Cerf, speaking at the American Association for the Advancement of Science, said we need better methods for preserving everything we do on computers. It's not just about finding better storage media — it's about recording all the aspects of modern software and operating systems so future generations can figure out how it all worked. Cerf says, "The solution is to take an X-ray snapshot of the content and the application and the operating system together, with a description of the machine that it runs on, and preserve that for long periods of time. And that digital snapshot will recreate the past in the future." Cerf is also pushing for better data preservation standards: "The key here is when you move those bits from one place to another, that you still know how to unpack them to correctly interpret the different parts. That is all achievable if we standardize the descriptions."
Communications

Jeb Bush Publishes Thousands of Citizens' Email Addresses 255

Posted by timothy
from the public-records-now dept.
blottsie writes Former Florida Governor Jeb Bush hasn't even yet formally declared his desire to run for president in 2016, but he's already started what appears to be a major privacy blunder. His new project, the Jeb Emails, a massive, open database of correspondence to and from his jeb@jeb.org email address, publishes the full names, messages, and email addresses of his constituents who emailed him during his eight years in office.
The Internet

The Man Squatting On Millions of Dollars Worth of Domain Names 175

Posted by timothy
from the your-name-here dept.
Jason Koebler writes For the last 21 years, Gary Millin and his colleagues at World Accelerator have been slowly accumulating a veritable treasure trove of seemingly premium generic domain names. For instance, Millin owns, has sold, or has bartered away world.com, usa.com, doctor.com, lawyer.com, comic.com, email.com, cyberservices.com, and more than 1,000 other domain names that can be yours (including yours.com, which he owns), as long as you've got the startup idea to back it up. Millin doesn't sell domain names anymore; instead, he trades them to startups in exchange for a stake in the company.
Firefox

Firefox Succeeded In Its Goal -- But What's Next? 296

Posted by Soulskill
from the building-actual-foxes-made-of-fire dept.
trawg writes: It's been more than 10 years since Mozilla released version 1.0 of Firefox, one of their first steps in their mission to 'preserve choice and innovation on the Internet'. Firefox was instrumental in shattering the web monoculture, but the last few years of development have left users uninspired. "Their goal was never to create the most popular browser in the world, or the one with the best UX, or the one with the most features, or the one with the best developer mode. ... It would be foolish to say a monoculture will never arise again (Google are making some scary moves with Chrome-only web applications). But at this point in time while Chrome is the ascendant browser (largely at the expense of Firefox), Mozilla’s ability to impact the web in general is greatly reduced." Perhaps it is time to move on to the next challenge — ensuring there is a strong Thunderbird to help preserve a free and open email ecosystem.
Privacy

Bipartisan Bill Would Mandate Warrant To Search Emails 103

Posted by Soulskill
from the of-barn-doors-and-horses dept.
jfruh writes: Bills were introduced into both the House and Senate yesterday that would amend the Electronic Communications Privacy Act, requiring a warrant to search Americans' email messages stored on third-party servers even if they're more than 180 days old. The current version of the law was passed in 1986, and was written in an environment where most email users downloaded emails to their computer and erased them after reading them.
Security

GPG Programmer Werner Koch Is Running Out of Money 222

Posted by timothy
from the open-secret dept.
New submitter jasonridesabike writes "ProPublica reports that Werner Koch, the man behind GPG, is in financial straits: "The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded." (You can donate to the project here.)
AI

Programming Safety Into Self-Driving Cars 124

Posted by timothy
from the but-just-not-plan-c dept.
aarondubrow writes Automakers have presented a vision of the future where the driver can check his or her email, chat with friends or even sleep while shuttling between home and the office. However, to AI experts, it's not clear that this vision is a realistic one. In many areas, including driving, we'll go through a long period where humans act as co-pilots or supervisors before the technology reaches full autonomy (if it ever does). In such a scenario, the car would need to communicate with drivers to alert them when they need to take over control. In cases where the driver is non-responsive, the car must be able to autonomously make the decision to safely move to the side of the road and stop. Researchers from the University of Massachusetts Amherst have developed 'fault-tolerant planning' algorithms that allow semi-autonomous machines to devise and enact a "Plan B."
Businesses

US Health Insurer Anthem Suffers Massive Data Breach 223

Posted by timothy
from the news-I-can-use dept.
An anonymous reader writes Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company's CEO Joseph Swedish in a public statement, in which he says they were the victims of a "very sophisticated external cyber attack." The company has notified the FBI, and has hired Mandiant to evaluate their systems and identify solutions to secure them. Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised." (Also covered by Reuters.)
Lord of the Rings

Texas Boy Suspended For "Threatening" Classmate With the One Ring 591

Posted by samzenpus
from the one-ring-to-rule-the-playground dept.
An anonymous reader writes Nine-year-old Aiden Steward has been suspended by officials at a Texas school after he allegedly threatened to use his magic ring to make another boy disappear. His father says the family had watched The Hobbit: The Battle of the Five Armies last weekend. His son brought a ring to class and told another boy his magic ring could make the boy disappear. "I assure you my son lacks the magical powers necessary to threaten his friend's existence," Aiden's father wrote in an email. "If he did, I'm sure he'd bring him right back." Principal Roxanne Greer declined to comment on the school's zero tolerance policy on magic rings. It may seem easy to make fun of Principal Greer in this case, but it does make one wonder how many elves could have been saved if someone took a hard line with a young Sauron.
Privacy

DEA Planned To Monitor Cars Parked At Gun Shows Using License Plate Readers 577

Posted by samzenpus
from the all-the-better-to-read-you-with dept.
HughPickens.com writes According to a newly disclosed DEA email obtained by the ACLU through the Freedom of Information Act, the Drug Enforcement Administration and the Bureau of Alcohol, Tobacco, Firearms and Explosives collaborated on plans to monitor gun show attendees using automatic license plate readers. Responding to inquiries about the document, the DEA said that the monitoring of gun shows was merely a proposal and was never implemented. "The proposal in the email was only a suggestion. It was never authorized by DEA, and the idea under discussion in the email was never launched," says DEA administrator Michele Leonhart.

According to the Wall Street Journal the proposal shows the challenges and risks facing the U.S. as it looks to new, potentially intrusive surveillance technology to help stop criminals. Many of the government's recent efforts have scooped up data from innocent Americans, as well as those suspected of crimes, creating records that lawmakers and others say raise privacy concerns. "Automatic license plate readers must not be used to collect information on lawful activity — whether it be peacefully assembling for lawful purposes, or driving on the nation's highways," says the ACLU. "Without strong regulations and greater transparency, this new technology will only increase the threat of illegitimate government surveillance." National Rifle Association spokesman Andrew Arulanandam says the NRA is "looking into this to see if gun owners were improperly targeted, and has no further comment until we have all the facts."
Android

Microsoft Launches Outlook For Android and iOS 175

Posted by samzenpus
from the check-it-out dept.
An anonymous reader writes Microsoft today launched Outlook for Android and iOS. The former is available (in preview) for download now on Google Play and the latter will arrive on Apple's App Store later today. The pitch is simple: Outlook will let you manage your work and personal email on your phone and tablet as efficiently as you do on your computer. The app also offers calendar features, attachment integration (with OneDrive, Dropbox, Google Drive, Box, and iCloud), along with customizable swipes and actions so you can tailor it to how you specifically use email.
Privacy

'Anonymized' Credit Card Data Not So Anonymous, MIT Study Shows 96

Posted by timothy
from the why-I-order-from-the-women's-menu dept.
schwit1 writes Scientists showed they can identify you with more than 90 percent accuracy by looking at just four purchases, three if the price is included — and this is after companies "anonymized" the transaction records, saying they wiped away names and other personal details. The study out of MIT, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people. "We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of the Massachusetts Institute of Technology, said in an email.
Businesses

Amazon Takes On Microsoft, Google With WorkMail For Businesses 65

Posted by samzenpus
from the new-mail dept.
alphadogg writes Amazon Web Services today launched a new product to its expansive service catalog in the cloud: WorkMail is a hosted email platform for enterprises that could wind up as a replacement for Microsoft and Google messaging systems. The service is expected to cost $4 per user per month for a 50GB email inbox. It's integrated with many of AWS's other cloud services too, including its Zocalo file synchronization and sharing platform. The combination will allow IT shops to set up a hosted email platform and link it to a file sharing system.
Security

Lizard Squad Hits Malaysia Airlines Website 41

Posted by Soulskill
from the kicking-them-when-they're-down dept.
An anonymous reader writes: Lizard Squad, the hacking collaborative that went after the PlayStation Network, Xbox Live, and the North Korean internet last year, has now targeted Malaysia Airlines with an attack. Bloomberg links to images of the hacks (including the rather heartless 404 jab on its home page) and columnist Adam Minter wonders why Malaysia Airlines, which has had so much bad press in the past 12 months, was worthy of Lizard Squad's ire. In apparent answer, @LizardMafia (the org's reputed Twitter handle) messaged Mr. Minter this morning: "More to come soon. Side Note: We're still organizing the @MAS email dump, stay tuned for that."
Opera

Opera Founder Is Back, With a Feature-Heavy, Chromium-Based Browser 158

Posted by timothy
from the sink-within-a-sink dept.
New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Google

Google Handed To FBI 3 Wikileaks Staffers' Emails, Digital Data 197

Posted by timothy
from the why-there-oughtta-be-a-constitution dept.
Ariastis writes Google took almost three years to disclose to the open information group WikiLeaks that it had handed over emails and other digital data belonging to three of its staffers to the FBI under a secret search warrant issued by a federal judge. WikiLeaks were told last month of warrants which were served in March 2012. The subjects of the warrants were the investigations editor of WikiLeaks, the British citizen Sarah Harrison; the spokesperson for the organisation, Kristinn Hrafnsson; and Joseph Farrell, one of its senior editors. When it notified the WikiLeaks employees last month, Google said it had been unable to say anything about the warrants earlier as a gag order had been imposed.