Security

President Obama Unveils $19 Billion Plan To Overhaul U.S. Cybersecurity 132

erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans' personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity.
Crime

Hackers Leak List of FBI Employees (vice.com) 107

puddingebola writes: The hackers responsible for the leaking of DHS employees made good on their threat to reveal the names of 20,000 FBI employees. From the article: "The hacker provided Motherboard with a copy of the data on Sunday. The list includes names, email addresses (many of which are non-public) and job descriptions, such as task force deputy director, security specialist, special agent, and many more. The list also includes roughly 1,000 FBI employees in an intelligence analysis role."
GNU is Not Unix

Talos Secure Workstation Is Free-Software Centric — and $3100 [Updated] 114

jones_supa writes: These days, the motivation to use open source software for many people is to avoid backdoors placed by intelligence organizations and to avoid software that has hidden privacy-intruding characteristics. For the operating system and userspace software, open choices are already available. The last remaining island has been the firmware included in various ROM chips in a computer. Libreboot has introduced an open BIOS, but it is not available for newer systems featuring the Intel ME or AMD PSP management features. Talos' Secure Workstation fills this need, providing a modern system with 8-core POWER8 CPU, 132 GB RAM, and open firmware. The product is currently in a pre-release phase where Raptor Engineering is trying to understand if it's possible to do a production run of the machine. If you are interested, it's worth visiting the official website. Adds an anonymous reader about the new system, which rings in at a steep $3100: "While the engineers found solace in the POWER8 architecture with being more open than AMD/Intel CPUs, they still are searching for a graphics card that is open enough to receive the FSF Respect Your Freedom certification." Update: 02/08 18:44 GMT by T: See also Linux hacker and IBM employee Stewart Smith's talk from the just-completed linux.conf.au, in which he walks through "all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system." Update: 02/08 23:30 GMT by T: FSF Licensing & Compliance Manager Joshua Gay wrote to correct the headline that originally appeared with this story, which said that the Talos workstation described was "FSF Certified"; that claim was an error I introduced. "The FSF has not certified this hardware," says Gay, "nor is it currently reviewing the hardware for FSF certification." Sorry for the confusion.
Bitcoin

Ask Slashdot: Time To Get Into Crypto-currency? If So, Which? 266

Qbertino writes: With the ever-looming cyberpunk future in close proximity, I'm starting to wonder if it isn't time to get myself familiar with crypto currency as a means of trade. Bitcoin is all the hype, but the blockchain has flaws, in that it isn't as anonymous as one would hope for — you can track past transactions. Rumors of Bitcoin showing cracks are popping up and also there are quite a few alternatives out there. So I have some questions: Is getting into dealing with crypto currency worthwhile already? Is Bitcoin the way to go, or will it falter under wide use / become easily trackable once NSA and the likes adapt their systems to doing exactly that? What digital currency has the technical and mind-share potential to supersede bitcoin? Are there feasible cryptocurrencies that have the upsides of Bitcoin (such as a mathematical limit to their amount) but are fully anonymous in transactions? What do the economists and digi-currency nerds here have to contribute on that? What are your experiences with handling and holding cryptocurrency? And does Bitcoin own the market or is it still flexible enough for a technology upgrade?
Microsoft

Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers (voat.co) 566

An esteemed reader writes: Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.
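The measurement in the submission (log every outbound connection at the router, then count attempts and distinct destinations) is easy to reproduce. The script below is an added example and is not the submitter's code: it parses a constructed router log format (adapt LOG_RE to your own syslog output), attributes destinations to whoever owns their address blocks, and reports attempts per destination, per owner and per hour. The VENDOR_BLOCKS prefixes are placeholders from the RFC 5737 documentation ranges, not a list of Microsoft's real addresses; an analyst would fill them from whois or published ranges.

```python
"""Summarise outbound connection attempts from a router/firewall log.

Added example, not from the original post. The log lines and the CIDR
blocks below are constructed so the script runs offline.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed log format: "<Mon DD HH:MM:SS> outbound src=... dst=... dport=... proto=..."
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) outbound "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample: a few lines from a host whose telemetry was switched off.
SAMPLE_LOG = """\
Feb 08 09:00:01 outbound src=192.168.1.10 dst=203.0.113.5 dport=443 proto=tcp
Feb 08 09:00:07 outbound src=192.168.1.10 dst=203.0.113.5 dport=443 proto=tcp
Feb 08 09:01:12 outbound src=192.168.1.10 dst=203.0.113.77 dport=80 proto=tcp
Feb 08 09:01:13 outbound src=192.168.1.10 dst=198.51.100.9 dport=443 proto=tcp
Feb 08 10:15:40 outbound src=192.168.1.10 dst=203.0.113.5 dport=443 proto=tcp
Feb 08 10:16:02 outbound src=192.168.1.10 dst=192.0.2.44 dport=53 proto=udp
"""

# Placeholder attribution table (documentation prefixes, not real vendor ranges).
VENDOR_BLOCKS = {
    "vendor-a": [ipaddress.ip_network("203.0.113.0/24")],
    "vendor-b": [ipaddress.ip_network("198.51.100.0/24")],
}


def parse_log(text, year=2016):
    """Yield (timestamp, src, dst, dport, proto) for each line LOG_RE understands."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unknown format: skip rather than guess
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dport"]), m["proto"]


def attribute(dst):
    """Map a destination address to the owner label in VENDOR_BLOCKS, or 'unknown'."""
    addr = ipaddress.ip_address(dst)
    for name, nets in VENDOR_BLOCKS.items():
        if any(addr in net for net in nets):
            return name
    return "unknown"


def summarise(text, host):
    """Count outbound attempts from `host` per destination, per owner and per hour."""
    per_dst, per_vendor, per_hour = Counter(), Counter(), Counter()
    for ts, src, dst, dport, proto in parse_log(text):
        if src != host:
            continue
        per_dst[(dst, dport, proto)] += 1
        per_vendor[attribute(dst)] += 1
        per_hour[ts.strftime("%H:00")] += 1
    return {
        "attempts": sum(per_dst.values()),
        "unique_destinations": len({dst for dst, _, _ in per_dst}),
        "per_vendor": dict(per_vendor),
        "per_hour": dict(per_hour),
        "top": per_dst.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, "192.168.1.10").items():
        print(f"{key}: {value}")
```

Count connection attempts, not packets: a host that retries a blocked destination will inflate the attempt figure without ever exchanging data, so the per-destination table is the number to read before concluding how much actually "checked in".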
Government

Everything You Need To Know About the Big New Data-Privacy Bill In Congress 29

erier2003 writes with this excerpt from The Daily Dot: The United States and the European Union have agreed to a transatlantic data-sharing arrangement to protect U.S. companies' overseas activities and European citizens' privacy, but another initiative—one that's still working its way through Congress—could be just as important to U.S.–E.U. relations and transnational privacy rights. The Judicial Redress Act is considered essential to a broader agreement between the U.S. and Europe over the sharing of data in criminal and terrorism investigations. The negotiations over the newly announced E.U.–U.S. Privacy Shield may have received more attention, but the concerns at the heart of this bill are no less important.
Mozilla

Firefox 44 Deletes Fine-Grained Cookie Management (mozilla.org) 412

ewhac writes: Among its other desirable features, Firefox included a feature allowing very fine-grained cookie management. When enabled, every time a Web site asked to set a cookie, Firefox would raise a dialog containing information about the cookie requested, which you could then approve or deny. An "exception" list also allowed you to mark selected domains as "Always allow" or "Always deny", so that the dialog would not appear for frequently-visited sites. It was an excellent way to maintain close, custom control over which sites could set cookies, and which specific cookies they could set. It also helped easily identify poorly-coded sites that unnecessarily requested cookies for every single asset, or which would hit the browser with a "cookie storm" — hundreds of concurrent cookie requests.

Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."

Government

Marco Rubio Wants To Permanently Extend NSA Mass Surveillance (nationaljournal.com) 348

SonicSpike writes: Marco Rubio wants Congress to permanently extend the authorities governing several of the National Security Agency's controversial spying programs, including its mass surveillance of domestic phone records. The Florida Republican and 2016 presidential hopeful penned an op-ed on Tuesday condemning President Obama's counterterrorism policies and warning that the U.S. has not learned the "fundamental lessons of the terrorist attacks of Sept. 11, 2001." Rubio called on Congress to permanently reauthorize core provisions of the post-9/11 USA Patriot Act, which are due to sunset on June 1 of this year and provide the intelligence community with much of its surveillance power. "This year, a new Republican majority in both houses of Congress will have to extend current authorities under the Foreign Intelligence Surveillance Act, and I urge my colleagues to consider a permanent extension of the counterterrorism tools our intelligence community relies on to keep the American people safe," Rubio wrote in a Fox News op-ed.
Privacy

Shopping Mall SMS Parking Notifications Could Be Used To Track Any Car (itnews.com.au) 42

Bismillah writes: Westfield's Scentre Group has removed SMS notifications for its ticketless parking system after it was discovered they could be used to track other people's cars unnoticed. The system allows you to enter any licence plate, which in turn will be scanned upon entry and exit at mall parking facilities — and when the free parking time is up, a notification message is sent to the mobile phone number entered, with the exact location of the car.
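The flaw described above is a familiar one: the only thing the public action (subscribe to notifications) is keyed on is a licence plate, which anyone can read off the car. The toy model below is an added example, not Scentre Group's code and not a description of its fix. It puts a plate-keyed service beside a variant in which the subscription must present a per-visit secret that the entry gate shows only to the driver; the plate stays an internal key used by the exit camera. The hardened design, the plate, bay and phone numbers are all constructed for the example.

```python
"""Plate-keyed vs. visit-keyed parking notifications (added example, toy model)."""
import secrets


class PlateKeyedService:
    """Vulnerable model: subscribe() is keyed on the plate alone."""

    def __init__(self):
        self.location = {}   # plate -> bay, written by the entry camera
        self.phone = {}      # plate -> subscriber phone

    def car_entered(self, plate, location):
        self.location[plate] = location

    def subscribe(self, plate, phone):
        # Nothing ties the caller to the car: a plate is visible to anyone in the street.
        self.phone[plate] = phone
        return True

    def notify_expiring(self, plate):
        """Return the (phone, text) the SMS gateway would send, or None."""
        if plate not in self.location or plate not in self.phone:
            return None
        return self.phone[plate], f"Free parking for {plate} ends soon at {self.location[plate]}"


class VisitKeyedService:
    """Hardened model (assumed design): subscribe() needs a secret issued at the gate."""

    def __init__(self):
        self.visit = {}      # plate -> (token, location); the plate never leaves the backend
        self.phone = {}      # token -> subscriber phone

    def car_entered(self, plate, location):
        token = secrets.token_urlsafe(16)   # 128 random bits: not derivable from the plate
        self.visit[plate] = (token, location)
        return token                        # printed on the ticket / shown on the gate display

    def subscribe(self, token, phone):
        if token not in {t for t, _ in self.visit.values()}:
            return False                    # unknown or finished visit
        if token in self.phone:
            return False                    # first claim wins; a second phone is refused
        self.phone[token] = phone
        return True

    def car_exited(self, plate):
        # Single-use: the secret and its subscription die with the visit.
        token, _ = self.visit.pop(plate, (None, None))
        self.phone.pop(token, None)

    def notify_expiring(self, plate):
        if plate not in self.visit:
            return None
        token, location = self.visit[plate]
        if token not in self.phone:
            return None
        return self.phone[token], f"Free parking for {plate} ends soon at {location}"


def demo(plate="ABC123", bay="Level 2, Bay 41", attacker="+61400000001", driver="+61400000002"):
    """Attacker knows the victim's plate; only the driver saw the gate token. Values are constructed."""
    vuln = PlateKeyedService()
    vuln.car_entered(plate, bay)
    vuln.subscribe(plate, attacker)
    leaked = vuln.notify_expiring(plate)             # location goes to the attacker

    hard = VisitKeyedService()
    token = hard.car_entered(plate, bay)
    attacker_ok = hard.subscribe(plate, attacker)    # the plate is not a credential here
    driver_ok = hard.subscribe(token, driver)
    sent = hard.notify_expiring(plate)               # location goes to the driver
    hard.car_exited(plate)
    after_exit = hard.notify_expiring(plate)         # None: the visit is over
    return leaked, attacker_ok, driver_ok, sent, after_exit


if __name__ == "__main__":
    print(demo())
```

The point of the second class is not the SMS but the key: an identifier that is public (a plate, an account number, a sequential ID) cannot also serve as the authorisation to act on the thing it names.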
Privacy

EU Proposes End of Anonymity For Bitcoin and Prepaid Card Users (thestack.com) 158

An anonymous reader writes: In June the European Commission will propose new legislation to effectively end the possibility of anonymous payment, by forcing users of virtual currencies like Bitcoin, and of prepaid credit cards, to provide identity details. Additionally the EC intends to propose monitoring inter-bank transfers within Europe, a measure which had not been implemented with the launch of the EU-US Terrorist Financing Tracking Programme (TFTP). Though the proposed measures are intended to heap new pressure on the financing of terrorism, a report from Interpol last week concluded that terrorist funding methods have not changed substantially in recent years, stating 'Despite third party reporting suggesting the use of anonymous currencies like Bitcoin by terrorists to finance their activities, this has not been confirmed by law enforcement.'
Privacy

Ask Slashdot: How Do I Reduce Information Leakage From My Personal Devices? 257

Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective ways to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own. And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how. Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.
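Whatever list the asker ends up with, merging third-party block lists into a hosts file deserves one check that is easy to forget: a hosts file can redirect as well as block, so a list that maps a name to anything other than a sinkhole address (0.0.0.0, 127.0.0.1) is hijacking that name, not blocking it. The merger below is an added example and not the asker's code; the three input lists are constructed to show a hosts-format list, a domain-per-line list and a poisoned one. The `allow` set covers the asker's "enable certain services as needed" requirement.

```python
"""Merge block lists into hosts-file lines, rejecting hijacks and junk (added example)."""
import ipaddress
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
# Lowercase labels, 1-63 chars each, no leading/trailing hyphen, at least one dot.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)

# Constructed inputs; real lists would be downloaded and saved locally first.
SAMPLE_LISTS = {
    "hosts-format": """\
# sample hosts-format list
127.0.0.1 localhost
0.0.0.0 telemetry.example.com
0.0.0.0 ads.example.net   # trailing comment
127.0.0.1 Stats.Example.org
""",
    "plain": """\
telemetry.example.com
vortex.example.com
update.example.com
""",
    "poisoned": """\
0.0.0.0 tracker.example.com
203.0.113.9 update.example.com
0.0.0.0 not a hostname
""",
}


def _split(line):
    """Return (ip_or_None, [hostnames]) for one stripped, comment-free line."""
    parts = line.split()
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        return None, parts           # domain-per-line format
    return parts[0], parts[1:]       # hosts format; several names per line are legal


def merge(lists, allow=frozenset(), sink="0.0.0.0"):
    """Return (hosts_lines, rejected) where rejected is [(source, raw_line, reason)]."""
    blocked, rejected = set(), []
    for source, text in lists.items():
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            ip, hosts = _split(line)
            if ip is not None and ip not in SINKHOLES:
                # Mapping a name to a real address is a hijack, never a block.
                rejected.append((source, raw, f"non-sinkhole target {ip}"))
                continue
            for host in (h.lower() for h in hosts):
                if host in LOCAL_NAMES:
                    continue
                if not HOSTNAME_RE.match(host):
                    rejected.append((source, raw, f"invalid hostname {host!r}"))
                elif host in allow:
                    rejected.append((source, raw, "allowlisted"))
                else:
                    blocked.add(host)
    return [f"{sink} {host}" for host in sorted(blocked)], rejected


if __name__ == "__main__":
    lines, rejected = merge(SAMPLE_LISTS, allow={"update.example.com"})
    print("\n".join(lines))
    for source, raw, reason in rejected:
        print(f"# rejected from {source}: {raw!r} ({reason})")
```

Keep the rejected list: a list that suddenly starts shipping non-sinkhole entries, or entries for names you never asked it to cover, is the signal that the upstream has been compromised or has changed purpose.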
Crime

San Francisco Bay Area In Superbowl Surveillance Mode (wired.com) 95

An anonymous reader links to Wired's description of a surveillance society in miniature assembling right now in San Francisco: Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV. Over the next ten days, 1 million people are expected to descend on the San Francisco Bay Area for the festivities. And, according to the FBI, 60 federal, state, and local agencies are working together to coordinate surveillance and security at what is the biggest national security event of the year.
Previous years' Superbowl security measures have included WMD sensors, database-backed facial recognition, and gamma-ray vehicle scanners. Given the fears and cautions in the air about this year's contest, it's easy to guess that the scanning and sensing will be even more prevalent this time.
Microsoft

Microsoft Edge's Private Browsing Mode Isn't Actually Private (betanews.com) 159

JustAnotherOldGuy writes: The forensic examination of most web browsers has proven that they don't have a provision for storing the details of privately browsed web sessions. However, in the case of Microsoft Edge, the private browsing isn't as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser's WebCache file. The Container_n table stores web history, and a field named 'Flag' with a value of '8' shows that website was visited in private mode. An investigator can easily spot the difference and use this evidence against a person. The not-so-private browsing featured by Edge makes its very purpose seem to fail, and you can't help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief.
Cellphones

ACLU Sues Anaheim Police For Public Records On Cell Phone Surveillance (scpr.org) 29

New submitter Lacey Waymire writes: The ACLU of Northern California is suing for a release of public records regarding Anaheim police's use of cell phone surveillance devices. "We don't think any surveillance devices, particularly these sorts of invasive cell phone surveillance devices, should ever be acquired or used without intense public debate and the adoption of safeguards to ensure they are only used in ways that follow our Constitution and laws," attorney Matt Cagle said. (See this Boing Boing posting with a bit more on "the happiest surveillance state on earth.")
Cellphones

WhatsApp Will Get Indicators To Highlight Encrypted Chats (softpedia.com) 27

An anonymous reader writes: WhatsApp 3.0 will come with two privacy-related changes. The first is in the Security section and is in the form of a new setting called "Show security indicators." Turning on this setting will add a lock icon to your WhatsApp whenever you're having encrypted conversations. The second new setting is in the Account section, with the addition of a new option that says "Share my account info." This setting will send the user's WhatsApp data to Facebook servers "to improve [their] Facebook experiences."
Debian

Privacy-Centric Linux Distro Tails Hits 2.0 Release 42

A_Mythago writes: The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.
The Almighty Buck

A Crowdfunding Site To Help Pay Patients' Medical Bills 285

Lucas123 writes: A start-up financial services company called Someone With Group has just completed a pilot of a crowdfunding service that allows hospitals to set up campaigns to help patients pay their medical expenses. The website, which is HIPAA compliant in terms of privacy and security, allows patients facing medical debts to inform family, friends and even strangers of their need for funds versus flowers or cards. The crowdfunding service also addresses a systemic debt issue in the healthcare industry. Each year, the U.S. healthcare industry writes off $40 billion in bad debt from unpaid medical bills. "Then you consider that $6 billion is spent on cards and flowers for patients every year. Why can't we redirect that money and put it into a debit instrument restricted to medical spending only?" said Jagemann-Bane, CEO of Someone With Group. One hospital group, Pinnacle Health Systems in Harrisburg, Penn., routinely writes off $40 million to $50 million a year in unpaid medical bills from patients. The hospital set up a crowdfunding site via Someone With Group and so far has seen a couple dozen patients use it. ... After a one-year pilot of the crowdfunding service, patients who've used it on average have raised $2,315.
Data Storage

Six Missing HDDs Contain Health Information of Nearly a Million Patients (corporate-ir.net) 87

Lucas123 writes: Health insurer Centene Corp. revealed that it is looking for six HDDs with information on 950,000 customers that went missing during a data project that was using laboratory results to improve the health outcomes of patients. The drives not only contain sensitive personal identification information, such as addresses, dates of birth and social security numbers, but they also contain health information. "While we don't believe this information has been used inappropriately," said Michael Neidorff, CEO of Centene.
Government

The US Government and Open Standards: a Tale of Personal Woe (thevarguy.com) 256

An anonymous reader writes: This article details a Linux user's struggles to submit a grant application when the process requires finicky, proprietary software. It also covers familiar ground made timely by the upcoming elections: the U.S. should prefer open source software and open standards over proprietary alternatives. The grant application required a PDF created by Adobe Acrobat — software Adobe no longer supports for Linux. Once the document was created, attempting to submit it while using Ubuntu fails silently. (On Windows 7, it worked immediately.) The reader argues, "By requiring Acrobat the government gives preference to a particular software vendor, assuring that thousands of people who otherwise would not choose to use Adobe software are forced to install it. Worse, endorsing a proprietary, narrowly supported technology for government data poses the risk that public information could become inaccessible if the vendor decides to stop supporting the software. Last but not least, there are privacy and fairness issues at stake. Acrobat is a totally closed-source program, which means we have to take Adobe's word for it that nothing sketchy is going on in its code. ... It would seem to be in the interest of the public for the government to prefer an open source solution, since it is much harder to hide nefarious features inside code that can be publicly inspected."
Electronic Frontier Foundation

NSA Wants To Dump the Phone Records It Gathered Over 14 Years (thenextweb.com) 56

According to The Next Web, the NSA would like to get rid of something that a lot of people wish they'd never had in the first place: phone records that the agency has collected over a decade and a half (more, really) of mass surveillance. However, the EFF wants to make sure that the evidence of snooping doesn't get buried along with the actual recorded data. From the article: [T]he government says that it can't be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection. EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases. It'll be interesting to see how this pans out: if the government doesn't agree to a discussion about how to handle these phone records, it's possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.
