An anonymous reader writes "Wired reports that the chat logs between Bradley Manning and Julian Assange that were used as evidence in Manning's trial have made it onto the web, at least briefly. One of those logs contained something very interesting on page 4, which was picked up on by the News of Iceland, which reports, '"Jesus Christ. I think that we have recordings of all phone calls to and from the Icelandic parliament during the past four months". This text can be found in documents that the US military published on its website and is said to be part of the conversations between Julian Assange and Bradley Manning. According to the documents, Assange claims to have phone call recordings from Althingi, the Icelandic parliament, but this is the first time that the existence of such data is mentioned publicly. ... According to Icelandic laws, it is required to inform the person you are speaking with if the phone call is being recorded. Given that the parliament is not violating laws it is clear that Assange or his associates would have to have installed recording devices or wiretaps in the parliament.' — What makes it even more interesting is that Wired also reports in this recent story: Someone's Been Siphoning Data Through a Huge Security Hole in the Internet."
codeusirae writes "A study by Incapsula suggests 61.5% of all website traffic is now generated by bots. The security firm said that was a 21% rise on last year's figure of 51%. From the article: 'Some of these automated software tools are malicious - stealing data or posting ads for scams in comment sections. But the firm said the biggest growth in traffic was for 'good' bots. These are tools used by search engines to crawl websites in order to index their content, by analytics companies to provide feedback about how a site is performing, and by others to carry out other specific tasks - such as helping the Internet Archive preserve content before it is deleted.'"
Frequent contributor Bennett Haselton writes: "Google has fixed a vulnerability, first discovered by researcher Gergely Kalman, which let users search for credit card numbers by using hex number ranges. However, Google should have acknowledged or at least responded to the original bug finder (and possibly even paid him a bounty for it), and should have been more transparent about the process in general." Read on for the rest of the story.
First time accepted submitter LibbyMC writes "Google's approach to bringing older C software to the browser is demonstrated in bringing the '80s-era AmigaOS to Chrome. 'The Native Client technology runs software written to run on a particular processor at close to the speeds that native software runs. The approach gives software more direct access to a computer's hardware, but it also adds security restrictions to prevent people from downloading malware from the Web that would take advantage of that power.'" Chrome users can go straight to the demo.
An anonymous reader writes "A New Zealand backpacker stripped of all electrical equipment at Auckland airport suggests attending a London talk on cyber-security following the Edward Snowden leaks may be to blame. Samuel Blackman was returning home for Christmas on 11 December from London Heathrow to Auckland via San Francisco when a customs officer at his final destination took the law graduate's two smartphones, iPad, external hard drive and laptop, demanding the passwords for all devices." For a quieter version, see also The New Zealand Herald.
wiredmikey writes "Business for Switzerland's 55 data centers is booming. They benefit from the Swiss reputation for security and stability, and some predict the nation already famous for its super-safe banks will soon also be known as the world's data vault. For example, housed in one of Switzerland's numerous deserted Cold War-era army barracks, one high-tech data center is hidden behind four-ton steel doors built to withstand a nuclear attack — plus biometric scanners and an armed guard. Such tight security is in growing demand in a world shaking from repeated leaks scandals and fears of spies lurking behind every byte."
New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."
First time accepted submitter ConstantineM writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, email@example.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"
alphatel writes "The Swedish company Researchgruppen has discovered a flaw in the Disqus commenting system, enabling them to identify Disqus users by their e-mail addresses. The crack was done in cooperation with the Bonnier Group tabloid Expressen, in order to reveal politicians commenting on Swedish hate-speech sites."
Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."
MightyMait writes "There's a plan underway to build a space agency run by African nations, and there is a (non-fictional) George Clooney connection. This BBC article details the history of space exploration in Africa as well as current efforts. Quoting: 'To Western eyes, it may seem rather inappropriate to launch space programs in sub-Saharan Africa, where nearly 70% of the population still lives on less than $2 a day. Yet Joseph Akinyede, director of the African Regional Center for Space Science and Technology Education in Nigeria, an education center affiliated with the United Nations Office for Outer Space Affairs, says that the application of space science technology and research to "basic necessities" of life – health, education, energy, food security, environmental management – is critical for the development of the continent.'"
New submitter fierman writes "In a work to be presented at the Network and Distributed System Security Symposium (ISOC NDSS'14), INRIA researchers show the privacy risks of Real-Time Bidding (PDF) and High-Frequency Trading for selling advertisement spaces. Combining Real-Time Bidding and Cookie Matching, advertisers can significantly improve their tracking and profiling capabilities. Both technologies are already prevalent on the Web. The research discusses the value of users' private data (browsing history) retrieved directly from the advertisers, leveraging an exposed information leak in RTB systems. Advertisers will pay about $0.0005 to display a targeted ad to a single user, while at the same time acquiring information about them. The research also shows evidence of price variation with users' profiles, physical location, time of day and content of visited sites."
An anonymous reader writes with news that even Canada is getting its hands dirty in the international dragnet fiasco. From the article: "The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in 'approximately 20 high-priority countries.' ... Wesley Wark, a Canadian security and intelligence expert at the University of Ottawa, says the document makes it clear Canada can take advantage of its relatively benign image internationally to covertly amass a vast amount of information abroad. 'I think we still trade on a degree of an international brand as an innocent partner in the international sphere,' Wark said. 'There's not that much known about Canadian intelligence.'"
sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with a built-in encryption system for text messages." Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third-party SMS apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in CyanogenMod 11, but you can grab a 10.2 nightly build to try it out now.
An anonymous reader writes in with news that some NSA agents were trying to dig up info by joining the horde. "To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs. That vision of spycraft sparked a concerted drive by the NSA and its UK sister agency GCHQ to infiltrate the massive communities playing online games, according to secret documents disclosed by whistleblower Edward Snowden. ... The agencies, the documents show, have built mass-collection capabilities against the Xbox Live console network, which has more than 48 million players. Real-life agents have been deployed into virtual realms, from those Orc hordes in World of Warcraft to the human avatars of Second Life. There were attempts, too, to recruit potential informants from the games' tech-friendly users."