Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Businesses

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA 18

Posted by timothy
from the be-right-over-here-guys dept.
Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.
Government

Bolivia Demands Assange Apologize For Deliberately False Leaks To the US 160

Posted by timothy
from the well-it's-not-swatting-if-it's-the-usaf dept.
Rei writes In 2013, during Edward Snowden's brief and chaotic search for asylum that ultimately landed him in Russia, the US faced criticism for handing information to various European nations that Bolivian president Evo Morales was smuggling him out of Russia, leading to the grounding of his flight. In a new twist, in the documentary Terminal F about this time period, Wikileaks founder Julian Assange admitted that he was the one who deliberately leaked the fake information to the US government. Bolivia has been none too pleased with this news and is now demanding that Assange apologize for putting their president's life at risk.
Microsoft

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Posted by samzenpus
from the protect-ya-neck dept.
Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.
Cellphones

The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data 212

Posted by samzenpus
from the let-us-in dept.
An anonymous reader writes The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."
Encryption

U.S. Gov't Grapples With Clash Between Privacy, Security 134

Posted by Soulskill
from the politicians-who-don't-know-which-way-the-wind-is-blowing dept.
schwit1 writes: WaPo: "For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."
Privacy

The DEA Disinformation Campaign To Hide Surveillance Techniques 46

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes: Ken White at Popehat explains how the U.S. Drug Enforcement Agency has been purposefully sowing disinformation to hide the extent of their surveillance powers. The agency appears to have used a vast database of telecommunications metadata, which they acquired via general (read: untargeted, dragnet-style) subpoenas. As they begin building cases against suspected criminals, they trawl the database for relevant information. Of course, this means the metadata of many innocent people is also being held and occasionally scanned. The Electronic Frontier Foundation has filed a lawsuit to challenge this bulk data collection. The DEA database itself seems to have been shut down in 2013, but not before the government argued that it should be fine not only to engage in this collection, but to attempt to hide it during court cases. The courts agreed, which means this sort of surveillance could very well happen again — and the EFF is trying to prevent that.
United States

US Started Keeping Secret Records of International Telephone Calls In 1992 81

Posted by samzenpus
from the original-list dept.
schwit1 writes Starting in 1992, the Justice Department amassed logs of virtually all telephone calls from the USA to as many as 116 countries. The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago. More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified. The operation had 'been approved at the highest levels of Federal law enforcement authority,' including then-Attorney General Janet Reno and her deputy, Eric Holder.
Government

Greenwald Criticizes Universities' Funding-Driven Collaboration With NSA 49

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
An anonymous reader writes Speaking at "Secrecy Week" at the University of Utah, one of the two journalists who helped disseminate Edward Snowden's revelations about the scope of National Security Agency surveillance has criticized universities which open up their campuses to government agencies in exchange for funding. Ex-Guardian journalist and lawyer Glenn Greenwald, one of Snowden's first contacts after his flight from the NSA, commented: "Even if you think that you're the kind of person who does not have things to hide, just living in a world where you think you're being watched and recorded it changes your behavior from being a free individual. I would submit, and I don't think that it's in dispute, that we are far closer to the tyrannical model than we are the free model."
Encryption

TrueCrypt Alternatives Step Up Post-Cryptanalysis 83

Posted by Soulskill
from the rebuilding-with-confidence dept.
msm1267 writes: What's next for TrueCrypt now that a two-phase audit of the code and its cryptography uncovered a few critical vulnerabilities, but no backdoors? Two alternative open source encryption projects forked TrueCrypt once its developers decided to abandon the project in early 2014, giving rise to VeraCrypt and CipherShed — and both are ready to accelerate growth, compatibility and functionality now that the TrueCrypt code has been given a relatively clean bill of health.
United States

Snowden Demystified: Can the Government See My Junk? 200

Posted by timothy
from the aside-from-the-hidden-cameras dept.
An anonymous reader writes Comedian and journalist John Oliver set out to understand US Government surveillance in advance of the June 2015 expiration of section 215 of the Patriot Act. What resulted was a humorous but exceptionally journalistic interview of Edward Snowden which distilled the issues down in a (NSFW) way everyone can understand. Regardless of whether you view Snowden as a despicable traitor or an honorable whistleblower, it's worth a watch.
Encryption

The Problem With Using End-to-End Web Crypto as a Cure-All 89

Posted by Soulskill
from the nobody-reads-the-not-so-fine-print dept.
fsterman writes: Since the Snowden revelations, end-to-end web encryption has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.
The Internet

Why Is the Internet Association Rewarding a Pro-NSA Net-Neutrality Opponent? 157

Posted by samzenpus
from the keep-your-enemies-closer dept.
First time accepted submitter erier2003 writes The decision to give a major award to House Majority Leader Kevin McCarthy is curious given McCarthy's many questionable stances on Internet-freedom issues. For one thing, the California congressman is an avowed opponent of net neutrality. In May 2014, as the Federal Communications Commission debated new net neutrality rules, McCarthy—then the House Majority Whip, the chamber's third-highest-ranking member—signed a House GOP letter to the FCC warning that Title II regulation represented "a counterproductive effort to even further regulate the Internet."
United States

NSA's Former General Council Talks Privacy, Security, and Snowden's 'Betrayal' 212

Posted by Soulskill
from the i'll-bet-they-loved-it dept.
blottsie writes: In his first interview since retiring as general council to the NSA, Rajesh De offers detailed insights into the spy agency's efforts to find balance between security and privacy, why the NSA often has trouble defending itself in public, the culture of "No Such Agency," and what it was like on the inside when the Snowden bombshell went off. He describes the mood after the leaks: "My sense of it was that there were two overriding emotions among the workforce. The first was a deep, deep [feeling] of betrayal. Someone who was sitting next to them—being part of the team helping keep people safe, which is really what people at the agency think they are doing—could turn around and do something so self-aggrandizing and reckless. There was also a deep sense of hurt that a lot of what was in the media was not entirely accurate. Questioning the motives and legality of what NSA employees were being asked to do to keep Americans safe—all within the legal policy construct that we've been given—that was difficult for the NSA workforce."
Encryption

TrueCrypt Audit: No NSA Backdoors 142

Posted by Soulskill
from the assuming-you-can-trust-the-auditors dept.
Mark Wilson writes: A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group (PDF) for the Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised. However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios."
Encryption

NSA Worried About Recruitment, Post-Snowden 247

Posted by Soulskill
from the should-have-thought-of-that-before-being-jerks dept.
An anonymous reader writes: The NSA employs tens of thousands of people, and they're constantly recruiting more. They're looking for 1,600 new workers this year alone. Now that their reputation has taken a major hit with the revelations of whistleblower Edward Snowden, they aren't sure they'll be able to meet that goal. Not only that, but the NSA has to compete with other companies, and they Snowden leaks made many of them more competitive: "Ever since the Snowden leaks, cybersecurity has been hot in Silicon Valley. In part that's because the industry no longer trusts the government as much as it once did. Companies want to develop their own security, and they're willing to pay top dollar to get the same people the NSA is trying to recruit." If academia's relationship with the NSA continues to cool, the agency could find itself struggling within a few years.
Electronic Frontier Foundation

EFF Questions US Government's Software Flaw Disclosure Policy 18

Posted by Soulskill
from the we'll-do-that-at-least-once-in-the-past-decade dept.
angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"
Botnet

Ask Slashdot: Who's Going To Win the Malware Arms Race? 155

Posted by Soulskill
from the not-you-and-not-me dept.
An anonymous reader writes: We've been in a malware arms race since the 1990s. Malicious hackers keep building new viruses, worms, and trojan horses, while security vendors keep building better detection and removal algorithms to stop them. Botnets are becoming more powerful, and phishing techniques are always improving — but so are the mitigation strategies. There's been some back and forth, but it seems like the arms race has been pretty balanced, so far. My question: will the balance continue, or is one side likely to take the upper hand over the next decade or two? Which side is going to win? Do you imagine an internet, 20 years from now, where we don't have to worry about what links we click or what attachments we open? Or is it the other way around, with threats so hard to block and DDoS attacks so rampant that the internet of the future is not as useful as it is now?
Books

Book Review: Future Crimes 27

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.
Crime

Attempted Breach of NSA HQ Checkpoint; One Shot Dead 308

Posted by samzenpus
from the breaking-news dept.
seven of five writes One man is dead and another severely injured after a shootout at one of the main gates of the National Security Agency located at Fort Meade, Maryland. Two men dressed as women attempted to 'penetrate' the entry point with their vehicle when a shootout occurred, officials said. The FBI said they do not believe the incident is related to terrorism.
United Kingdom

Europol Chief Warns About Computer Encryption 161

Posted by samzenpus
from the I-can't-read-this dept.
An anonymous reader writes The law enforcement lobbying campaign against encryption continues. Today it's Europol director Rob Wainwright, who is trying to make a case against encryption. "It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore." This is the same man who told the European Parliament that Europol is not going to investigate the alleged NSA hacking of the SWIFT (international bank transfer) system. The excuse he gave was not that Europol didn't know about it, because it did. Very much so. It was that there had been no formal complaint from any member state.