Book Review: Elementary Information Security 56

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes "Elementary Information Security, based on its title, weight and page length, I assumed was filled with mindless screen shots of elementary information security topics, written with a large font, in order to jack up the page count. Such an approach is typical of far too many security books. With that, if there ever was a misnomer of title, Elementary Information Security is it." Read below for the rest of Ben's review.
Cellphones

UK Police Roll Out On-the-Spot Mobile Data Extraction System 145

Posted by samzenpus
from the doing-it-faster dept.
Qedward writes "The Metropolitan Police has rolled out a mobile device data extraction system to allow officers to extract data 'within minutes' from suspects' phones while they are in custody. 'Ostensibly, the system has been deployed to target phones that are suspected of having actually been used in criminal activity, although data privacy campaigners may focus on potentially wider use.'"
Television

Big Media and Big Telcos Getting Nasty In Landmark Australian Law Case 77

Posted by Soulskill
from the settle-this-with-a-cage-match dept.
Fluffeh writes "In Australia, we have the right to record TV and play it back at a later date; we also have the right to transcode from one format to another, so anyone with a media server can legally back up their entire DVD collection and watch it without all those annoying warnings and unskippable content — as long as we don't break encryption (please stop laughing!). Optus, Australia's second largest Telco, has been raising ire though with the new TV Now service they are offering and Big Media is having a hissy fit. The service does the recording on behalf of the customer. Seems like a no-brainer right? Let the customer do what they are allowed to legally do at home, but charge them for it. Everybody wins! Not according to Sports Broadcasters, who made this statement when Optus said they would appeal their recent loss in an Australian Court to the highest court in the land: 'They are a disgusting organization who is acting reprehensibly again and now putting more uncertainty into sports and broadcast rights going forward I'm really disappointed and disgusted in the comments of their CEO overnight.' Is this yet another case of Big Media clutching at an outdated business model, or should consumers be content with just doing their own work?"
Crime

Ask Slashdot: How To Secure My Life-In-A-Briefcase? 241

Posted by timothy
from the nix-the-self-destruct-button dept.
An anonymous reader writes "I used to travel with a book and some clothes in a backpack, and now my entire life fits into my briefcase. I have a laptop, a tablet, and a cell phone with access to all of my documents through Dropbox, and all the books I own are on my kindle. Aside from having about four grand in electronics, the bag has everything of value that I own. If that bag is stolen while I'm traveling, it will be more trouble than if my apartment burns down (while I'm not in it). What can I do to secure my life-in-a-briefcase?"
Open Source

Apache OpenOffice Releases Version 3.4 151

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader sends word that Apache OpenOffice 3.4 has been released (download). This is the first release since OpenOffice became a project at the Apache Software Foundation. The release notes list all of the improvements, the highlights of which The H has summarized: "According to its developers, Apache OpenOffice (AOO) 3.4.0, the first update since OpenOffice.org 3.3.0 from January 2011, now starts up faster than its predecessor and introduces a number of new features such as support for documents secured using AES256 encryption. The Linear Programming solver in the Calc spreadsheet program has been replaced with the CoinMP C-API library from the Computational Infrastructure for Operations Research (COIN-OR) project. As in LibreOffice 3.4.0, the DataPilot functionality has been renamed to Pivot Table, and now supports an unlimited number of fields. A new 'Quote all text cells' CSV (Comma Separated Values) export option has been also added to Calc. Other changes include improved ODF 1.2 encryption and Unix Printing support and various enhancements to the Impress presentation and Draw sketching programs."
Security

Osama Bin Laden Didn't Encrypt His Files 333

Posted by samzenpus
from the not-so-secret dept.
An anonymous reader writes "If you're running a terrorist organization, it might make sense to encrypt your files. Clearly Osama Bin Laden didn't realize that — as some of the documents seized during the raid on his hideout in Pakistan have been made public for the first time. 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy Seals killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations by the Combating Terrorism Center, reports Sophos."
Communications

German Authorities Find Al Qaeda Plans Disguised In Porn 332

Posted by timothy
from the will-just-be-in-the-other-room-looking-for-more dept.
According to CNN, which credits Hamburg-based newspaper Die Zeit, German investigators have uncovered a trove of more than 100 Al Qaeda documents recovered from a "digital storage device" (and memory cards) which were found hidden in the underpants of Austrian citizen Maqsood Lodin, who had recently traveled to Pakistan. The documents "included an inside track on some of the terror group's most audacious plots and a road map for future operations." Among these future plots: "[S]eizing cruise ships and carrying out attacks in Europe similar to the gun attacks by Pakistani militants that paralyzed the Indian city of Mumbai in November 2008." The documents were reportedly neither in plain view nor simply encrypted, but instead steganographically embedded in a pornographic video.
Encryption

SSL Pulse Project Finds Just 10% of SSL Sites Actually Secure 62

Posted by timothy
from the decimation-of-another-kind dept.
Trailrunner7 writes "A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set up by the Trustworthy Internet Movement, looks at several components of each site's SSL implementation to determine how secure the site actually is. The project looks at how each site is configured, which versions of the TLS and SSL protocols the site supports, whether the site is vulnerable to the BEAST or insecure renegotiation attacks and other factors. The data that the SSL Pulse project has gathered thus far shows that the vast majority of the 200,000 sites the project is surveying need some serious help in fixing their SSL implementations."
Government

Iranian Military Says It's Copying US Drone 350

Posted by timothy
from the so-it's-sort-of-a-buzzing-noise dept.
New submitter skipkent writes "Iran's military has started to build a copy of a U.S. surveillance drone captured last year after breaking the software encryption, Iranian media reported on Sunday. General Amir Ali Hajizadeh, head of the Revolutionary Guards aerospace division, said engineers were in the final stages of decoding data from the Sentinel aircraft, which came down in December near the Afghan border, Mehr news agency reported."
Privacy

Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site 137

Posted by timothy
from the for-all-your-library-science-needs dept.
suraj.sun writes with these snippets from an article at Ars Technica: "Hacker group Anonymous and the People's Liberation Front have created a data-sharing site called AnonPaste.tk, meant to host pastes of code and other messages without any moderation or censorship of the information posted. The new site, which uses a free .tk web address, allows users to set a time for the paste to expire. It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste. The site says it's taking donations in the form of WePay or BitCoins. ... AnonPaste is built using open-source software called ZeroBin, created by French developer Sebastien Sauvage. According to Infoweek Sauvage has experience in creating online authentication systems for French banks, suggesting the creator knows a thing or two about encryption of data. Still, on the software's information page, Sauvage reminds potential users that ZeroBin software can not protect against potential Javascript attacks. 'Users still have to trust the server regarding the respect of their privacy,' he says. 'ZeroBin won't protect the users against malicious servers.'"
Books

Book Review: The CERT Guide To Insider Threats 27

Posted by samzenpus
from the protect-ya-neck dept.
benrothke writes "While Julius Caesar likely never said 'Et tu, Brute?' the saying associated with his final minutes has come to symbolize the ultimate insider betrayal. In The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, authors Dawn Cappelli, Andrew Moore and Randall Trzeciak of the CERT Insider Threat Center provide incontrovertible data and an abundance of empirical evidence, which creates an important resource on the topic of insider threats. There are thousands of companies that have uttered modern day versions of Et tu, Brute due to insidious insider attacks and the book documents many of them." Read on for the rest of Ben's review.
Upgrades

The Three Flavors of Windows 8 500

Posted by samzenpus
from the time-to-choose dept.
First time accepted submitter Kelerei writes "Windows 8 has been confirmed as the official name for the next x86/x64 version of Windows, which will be released in two editions: a home edition (simply named 'Windows 8') featuring an updated Windows Explorer, Task Manager, improved multi-monitor support and 'the ability to switch languages on the fly,' while a professional edition ('Windows 8 Pro') adds features for businesses and technical professionals such as encryption, virtualization and domain connectivity. Windows Media Center will not be included in the Pro edition and will be available separately as part of a 'media pack' add-on. A third edition, branded as 'Windows RT,' will be available for ARM-based systems."
Crime

University of Pittsburgh Deluged With Internet Bomb Threats 238

Posted by timothy
from the other-than-that-how-was-your-valentine's-mr-moran? dept.
An anonymous reader writes "The University of Pittsburgh has been plagued with 78 bomb threats (and counting) since February 14. It started low-tech, with handwritten notes, but has progressed to anonymous emails. Nearly every campus building has been a target. The program suspected is anonymous mailer Mixmaster. The university has been evacuating each building when threats come in (day or night), and police departments from around Allegheny County have offered assistance with clearing each building floor by floor with bomb sniffing dogs. There is a popular tracking blog set up by a student as well as a growing Reddit community. Is there any foreseeable defense (forensic or socially engineered) to a situation like this?"
Encryption

Scientists Release Working Prototype Of CAPTCHA-Based Password Assistant 86

Posted by timothy
from the holding-out-for-retinal-scans dept.
An anonymous reader writes "Last year Slashdot ran a story on scientists from the Max-Planck-Institute for Physics of Complex Systems in Dresden, Germany developing a novel method to improve password security. A strong long password is split in two parts; the first part is memorized by a human, and the second part is stored as a CAPTCHA-like image of a chaotic lattice system. Today, after a year of work, the same group at Max Planck Institute released a working prototype online, where everybody can try this technology to encrypt files (Java plugin required)."
Censorship

Swedish Researchers Expose China's Tor-Blocking Tricks 73

Posted by timothy
from the one-book-swedish-made-data-pump dept.
An anonymous reader writes "A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts 'to speak Tor' to the hosts. If they reply, they're deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated."
Cloud

Ask Slashdot: Why Aren't Schools Connected? 568

Posted by Unknown Lamer
from the because-blackboard-will-break-your-knees dept.
rtobyr writes "We use the Internet — E-mail, Facebook, Twitter, and blogs to communicate with colleagues, friends, and family. When I was in Iraq with the Marine Corps, we used e-mail (secured with encryption and stuff, but e-mail nonetheless) to communicate the commanding officer's order that a combat mission should be carried out. My third grade daughter produces her own YouTube videos, and can create public servers for her games with virtual private network technology. Yet here I am trusting a third grade girl to deliver memos to me about her educational requirements in an age in which I can't remember the last time I used paper. Teachers could have distribution lists of the parents. The kids' homework is printed. Therefore, it must have started as a computer file (I hope they're not still using mimeograph machines). Teachers could e-mail a summary of what's going on, and attach the homework files along with other notices about field trips or conferences that parents should be aware of. Teachers could have an easy way to post all these files to the Internet on blogs. With RSS, parents could subscribe to receive everything that teachers put online. If teachers want to add to the blog their own personal comments about how the school year is going, then all the parents would see that also, and perhaps have the opportunity to comment on the blog. It seems to me that with the right processes, the cost and additional workload would be insignificant. For example, instead of developing a syllabus in MS Word, use Wordpress. Have schools simply not paid attention to the past decade of technology, or is there a reason that these things aren't in place?" It seems odd that primary schools in at least the U.S. don't use technology to communicate with students much. My younger sister went to a private school that made reasonable use of Blackboard, but that seems to be the exception.
Privacy

Judge Allows Bradley Manning Supporter To Sue Government Over Border Search 129

Posted by samzenpus
from the sticking-it-to-the-man dept.
Fluffeh writes "David Maurice House, an MIT researcher and Bradley Manning supporter, was granted the right to pursue a case against the government on Wednesday after a federal judge denied the government's motion to dismiss. 'This ruling affirms that the Constitution is still alive at the US border,' ACLU Staff Attorney Catherine Crump said in a statement. 'Despite the government's broad assertions that it can take and search any laptop, diary or smartphone without any reasonable suspicion, the court said the government cannot use that power to target political speech.' The agents confiscated a laptop computer, a thumb drive, and a digital camera from House and reportedly demanded, but did not receive, his encryption keys. DHS held onto House's equipment for 49 days and returned it only after the ACLU sent a strongly worded letter."
The Internet

S+M Vs. SPDY: Microsoft and Google Battle Over HTTP 2.0 180

Posted by Soulskill
from the two-will-enter-one-will-maybe-eventually-leave dept.
MrSeb writes "HTTP, the protocol that underpins almost every inch of the world wide web, is about to make the jump from version 1.1 to 2.0 after some 13 years of stagnation. For a long time it looked like Google's experimental SPDY protocol would be the only viable option for the Internet Engineering Task Force to ratify as HTTP 2.0, but now out of left field comes a competing proposal from Microsoft. Lumbered with the truly awful name of HTTP Speed+Mobility, or HTTP S+M for short, Microsoft's vision of HTTP 2.0 is mostly very similar to SPDY, but with additional features that cater toward apps and mobile devices. 'The HTTP Speed+Mobility proposal starts from both the Google SPDY protocol and the work the industry has done around WebSockets,' says Jean Paoli from the Microsoft Interoperability team. Basically, the S+M proposal looks like it's less brute-force than SPDY: Where server push, encryption, and compression are all built into SPDY, Microsoft, citing low-powered devices and metered connections, wants them to be optional extensions. Judging by the speed at which the internet (and the internet of things) is developing, I think MS's extensible, flexible solution has its merits."
Cellphones

Cops Can Crack an iPhone In Under Two Minutes 375

Posted by Soulskill
from the can-i-see-that-for-a-minute dept.
Sparrowvsrevolution writes "Micro Systemation, a Stockholm-based company, has released a video showing that its software can easily bypass the iPhone's four-digit passcode in a matter of seconds. It can also crack Android phones, and is designed to dump the devices' data to a PC for easy browsing, including messages, GPS locations, web history, calls, contacts and keystroke logs. The company's director of marketing says it uses an undisclosed vulnerability in the devices it targets to run a program on the phone that brute-forces its passcode. He says the company's business is 'booming' and that it's sold the devices to law enforcement and military customers in 60 countries. He says Micro Systemation's biggest customer is the U.S. military."
