Bitcoin

Ask Slashdot: Time To Get Into Crypto-currency? If So, Which? 264

Qbertino writes: With the ever-looming cyberpunk future in close proximity, I'm starting to wonder if it isn't time to get myself familiar with crypto currency as a means of trade. Bitcoin is all the hype, but the blockchain has flaws, in that it isn't as anonymous as one would hope for — you can track past transactions. Rumors of Bitcoin showing cracks are popping up and also there are quite a few alternatives out there. So I have some questions: Is getting into dealing with crypto currency worthwhile already? Is Bitcoin the way to go, or will it falter under wide use / become easily trackable once NSA and the likes adapt their systems to doing exactly that? What digital currency has the technical and mind-share potential to supersede bitcoin? Are there feasible cryptocurrencies that have the upsides of Bitcoin (such as a mathematical limit to their amount) but are fully anonymous in transactions? What do the economists and digi-currency nerds here have to contribute on that? What are your experiences with handling and holding cryptocurrency? And does Bitcoin own the market or is it still flexible enough for a technology upgrade?
Government

Marco Rubio Wants To Permanently Extend NSA Mass Surveillance (nationaljournal.com) 346

SonicSpike writes: Marco Rubio wants Congress to permanently extend the authorities governing several of the National Security Agency's controversial spying programs, including its mass surveillance of domestic phone records. The Florida Republican and 2016 presidential hopeful penned an op-ed on Tuesday condemning President Obama's counterterrorism policies and warning that the U.S. has not learned the "fundamental lessons of the terrorist attacks of Sept. 11, 2001." Rubio called on Congress to permanently reauthorize core provisions of the post-9/11 USA Patriot Act, which are due to sunset on June 1 of this year and provide the intelligence community with much of its surveillance power. "This year, a new Republican majority in both houses of Congress will have to extend current authorities under the Foreign Intelligence Surveillance Act, and I urge my colleagues to consider a permanent extension of the counterterrorism tools our intelligence community relies on to keep the American people safe," Rubio wrote in a Fox News op-ed.
Security

NSA Hacker Chief Explains How To Keep Him Out of Your System (wired.com) 70

An anonymous reader writes: Rob Joyce, the nation's hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce himself did little to shine a light on the TAO's classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA's success, with many people responding to his comments on Twitter.
Communications

U.S. Forces Viewed Encrypted Israeli Drone Feeds (theintercept.com) 49

iceco2 links to The Intercept's report that the U.S. and UK intelligence forces have been (or at least were) intercepting positional data as well as imagery from Israeli drones and fighters, through a joint program dubbed "Anarchist," based on the island of Cyprus. Among the captured images that the Intercept has published, based on data provided by Edward Snowden, are ones that appear to show weaponized drones, something that the U.S. military is well-known for using, but that the IDF does not publicly acknowledge as part of its own arsenal. Notes iceco2: U.S. spying on allies is nothing new. It is surprising to see the ease with which encrypted Israeli communications were intercepted. As always, it wasn't the crypto which was broken -- just the lousy method it was applied. Ars Technica explains that open-source software, including ImageMagick, was central to the analysis of the captured data.
Electronic Frontier Foundation

NSA Wants To Dump the Phone Records It Gathered Over 14 Years (thenextweb.com) 56

According to The Next Web, the NSA would like to get rid of something that a lot of people wish they'd never had in the first place: phone records that the agency has collected over a decade and a half (more, really) of mass surveillance. However, the EFF wants to make sure that the evidence of snooping doesn't get buried along with the actual recorded data. From the article: [T]he government says that it can't be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection. EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases. It'll be interesting to see how this pans out: if the government doesn't agree to a discussion about how to handle these phone records, it's possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.
The Internet

The Clock Is Ticking For the US To Relinquish Control of ICANN (betanews.com) 183

Mark Wilson writes: The U.S. is not afraid to throw its weight around; it likes not only to be involved in things, but to be in control. For decades, ICANN (Internet Corporation for Assigned Names and Numbers) — the non-profit organization that manages IP addresses and domain names — has been overseen by the U.S. Department of Commerce, much to the chagrin of people around the world. Most upset are those who point to the independent nature of the internet, and the need for any body with global power to be similarly independent. Later this year ICANN is set — at long last — to completely separate from the U.S. government.

While this does hinge on U.S. government approval, by the end of September, ICANN could instead be in the hands of businesses, individuals, and multiple global governments. While the changing of hands should not alter the way ICANN operates, it is hoped that it will go some way to restoring faith that may have been lost after revelations about online surveillance by the NSA and other U.S. government agencies.

Privacy

Edward Snowden Is Tired of Being Bombarded By Suitors (mirror.co.uk) 225

cold fjord writes: The Mirror reports that Edward Snowden is experiencing some unexpected fallout from the notoriety he received from his activism for government transparency. It seems he has become something of a sex symbol and his female fans are sending him graphic nude pictures of themselves. He has found it necessary to dissuade them by reminding everyone that the FBI has a warrant for him (and probably monitors his communications so they will see the pics) and that he already has a girlfriend. No word yet on if this is having any effect.
Encryption

NSA Chief: Arguing Against Encryption Is a Waste of Time (theintercept.com) 184

An anonymous reader writes: On Thursday, NSA director Mike Rogers said, "encryption is foundational to the future." He added that it was a waste of time to argue that encryption is bad or that we ought to do away with it. Rogers is taking a stance in opposition to many other government officials, like FBI director James Comey. Rogers further said that neither security nor privacy should be the imperative that drives everything else. He said, "We've got to meet these two imperatives. We've got some challenging times ahead of us, folks."
Cloud

Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) 284

An anonymous reader writes: The tech community has spoken: we don't want the NSA or any other government agency running bulk surveillance on us, and we don't want tech companies to help them. But Bruce Schneier points out an interesting hypothetical raised by Harvard Law School professor Jonathan Zittrain: "Suppose a laptop were found at the apartment of one of the perpetrators of last year's Paris attacks. It's searched by the authorities pursuant to a warrant, and they find a file on the laptop that's a set of instructions for carrying out the attacks. ... The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document.

If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized 'touches' on their accounts to see if the file reposed there." Zittrain asks: would you run the search? He then walks us through some of the possible complications to the situation, and the pros and cons of granting permission. His personal conclusion is this: "At least in theory, and with some real trepidation, I'd run the search in that instance, and along with it publicly establish a policy for exactly how clear cut the circumstances have to be (answer: very) for future cases to justify pressing the enter key on a similar search." What would you do?

Security

Ann Caracristi, Who Cracked Codes, and the Glass Ceiling At NSA, Dies At 94 (washingtonpost.com) 96

An anonymous reader writes with this story at The Washington Post about the life and death of Ann Caracristi. From the article: "Ann Caracristi, who became one of the highest ranking and most honored women at the code breaking National Security Agency after a career extending from World War II through much of the Cold War, died Jan. 10 at her home in Washington. She was 94. ... Ms. Caracristi formally retired from her intelligence career in 1982, after becoming the sixth deputy director of the NSA . . . She was the first woman to serve as deputy director. One of her strengths was reconstructing enemy code books, said Liza Mundy, a former Washington Post staff writer who is working on a book about U.S. female code breakers during the war. Admired for her early accomplishments as a young woman in wartime Washington, Ms. Caracristi was credited in her later career with providing leadership for new generations of code breakers and for her efforts to bring computers and technology to bear on the work. ... One of her jobs at the NSA was as chief from 1959 to 1980 of branches devoted to research and operations. Her honors there included the Defense Department's Distinguished Civilian Service Award and the National Security Medal, among other top federal honors. After retiring, she began serving on a variety of prominent scientific, defense and intelligence advisory boards and committees."
The Military

US Military Will Soon Begin Testing NSA's New, Post-Snowden Security Measures (dailydot.com) 72

Patrick O'Neill writes: The U.S. military will closely review the NSA's security measures as concerns mount that foreign adversaries and independent hackers are targeting the American government in cyberspace. "We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general, wrote in the letter.
Security

Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com) 78

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper's NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. 'And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.'
Republicans

Marco Rubio: We Need To Add To US Surveillance Programs (dailydot.com) 343

Patrick O'Neill writes: The debate over surveillance hit the 2016 race for the White House again on Sunday when Republican presidential candidate Marco Rubio said he wants to add to American surveillance programs, many of which were created after 9/11. He invoked a recent shooting of a Philadelphia police officer by a man who allegedly pledged allegiance to the Islamic State. "This the kind of threat we now face in this country," Rubio said. "We need additional tools for intelligence." Rubio also addressed the NSA leaks that led to this debate: "Edward Snowden is a traitor. He took our intelligence information and gave it to the Chinese and gave it to the Russians. We cannot afford to have a commander-in-chief who thinks people like Edward Snowden are doing a good public service."
Encryption

New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com) 78

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!
Encryption

NSA Targeted 'The Two Leading' Encryption Chips (theintercept.com) 113

Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption. Quoting: The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."
Government

NSA Cheerleaders Discover Value of Privacy Only When Their Own Is Violated (theintercept.com) 267

Advocatus Diaboli sends this report from Glenn Greenwald: The Wall Street Journal reported yesterday that the NSA under President Obama targeted Israeli Prime Minister Benjamin Netanyahu and his top aides for surveillance. In the process, the agency ended up eavesdropping on "the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups" about how to sabotage the Iran Deal. All sorts of people who spent many years cheering for and defending the NSA and its programs of mass surveillance are suddenly indignant now that they know the eavesdropping included them and their American and Israeli friends rather than just ordinary people. The long-time GOP chairman of the House Intelligence Committee and unyielding NSA defender Pete Hoekstra last night was truly indignant to learn of this surveillance.

In January 2014, I [Greenwald] debated Rep. Hoekstra about NSA spying and he could not have been more mocking and dismissive of the privacy concerns I was invoking. "Spying is a matter of fact," he scoffed. As Andrew Krietz, the journalist who covered that debate, reported, Hoekstra "laughs at foreign governments who are shocked they've been spied on because they, too, gather information" — referring to anger from German and Brazilian leaders. As TechDirt noted, "Hoekstra attacked a bill called the RESTORE Act, that would have granted a tiny bit more oversight over situations where (you guessed it) the NSA was collecting information on Americans." But all that, of course, was before Hoekstra knew that he and his Israeli friends were swept up in the spying of which he was so fond.

Security

The Juniper VPN Backdoor: Buggy Code With a Dose of Shady NSA Crypto (csoonline.com) 61

itwbennett writes: Security researchers and crypto experts now believe that a combination of likely malicious third-party modifications and Juniper's own crypto failures are responsible for the recently disclosed backdoor in Juniper NetScreen firewalls. 'To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge!,' Matthew Green, a cryptographer and assistant professor at Johns Hopkins University wrote in a blog post. 'They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road.'
United States

Catalogue of Government Gear For Cellphone Spying (theintercept.com) 69

Advocatus Diaboli sends word that The Intercept has obtained a secret catalog of surveillance gear used by the U.S. from a concerned intelligence official. They report: "The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing 'dirt boxes' and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before."
Communications

Ask Slashdot: Keeping My Data Mine? (2015 Edition) 132

New submitter schklerg writes: Like many, I am tired of being the product of the corporate "cloud" overlords. To that end, I've got my own Linux server running Tiny Tiny RSS (RSS — Feedly replacement), OwnCloud (Storage / phone backup / Keepass sync / notes — Google Drive replacement), Coppermine Gallery (picture library), Dokuwiki (quick reference), and Shaarli (bookmarks manager — Foxmarks / Sync replacement). Crashplan lets me pick the keys for my backups, and the only thing Google Drive ever sees is a pgp encrypted file of various items. Next up is moving from gmail with iRedMail. Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling. What have you done to maintain control of your own data?
Privacy

CISA Surveillance Bill Hidden Inside Last Night's Budget Bill (engadget.com) 166

An anonymous reader writes that the Cybersecurity Information Sharing Act (CISA) was inserted into the omnibus budget deal passed by the House of Representatives late last night. Engadget reports: "Last night's budget bill wasn't all about avoiding a government shutdown. Packed inside the 2,000-page bill announced by Speaker Paul Ryan (R-WI) is the full text of the controversial Cybersecurity Information Sharing Act (CISA) of 2015. If you'll recall, the measure passed the Senate back in October, leaving it up to the House to approve the bill that encourages businesses to share details of security breaches and cyber attacks. Despite being labeled as cybersecurity legislation, critics of CISA argue that it's a surveillance bill that would allow companies to share user info with the US government and other businesses. As TechDirt points out, this version of the bill stripped important protections that would've prevented directly sharing details with the NSA and required any personally identifying details to be removed before being shared. It also removes restrictions on how the government can use the data."
