Forgot your password?
typodupeerror

Please create an account to participate in the Slashdot moderation system

United States

Leaked Docs Reveal List of 30 Countries Hacked On Orders of FBI Informant Sabu 51

Posted by samzenpus
from the naming-names dept.
blottsie writes A Federal Bureau of Investigation informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now. A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries—including U.S. partners, such as the United Kingdom and Australia—tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks.
Security

Obama Administration Argues For Backdoors In Personal Electronics 449

Posted by samzenpus
from the let-us-in dept.
mi writes Attorney General Eric Holder called it is "worrisome" that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”
Electronic Frontier Foundation

Hundreds of Police Agencies Distributing Spyware and Keylogger 69

Posted by Soulskill
from the you-can-trust-us dept.
realized sends this news from the EFF: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks,ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.

As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.
Privacy

The Executive Order That Redefines Data Collection 118

Posted by Soulskill
from the will-liberty-and-justice-for-all* dept.
sandbagger writes: " ...it is often the case that one can be led astray by relying on the generic or commonly understood definition of a particular word." That quote apparently applies to words offering constitutional protections against unreasonable search and seizure. TechDirt looks at the redefinition of the term "collection" as redefined by Executive Order 12333 to allow basically every information dragnet, provided no-one looks at it. "Collection" is now defined as "collection plus action." According to this document, it still isn't collected, even if it has been gathered, packaged and sent to a "supervisory authority." No collection happens until examination. It's Schrodinger's data, neither collected nor uncollected until the "box" has been opened. This leads to the question of aging off collected data/communications: if certain (non) collections haven't been examined at the end of the 5-year storage limit, are they allowed to be retained simply because they haven't officially been collected yet? Does the timer start when the "box" is opened or when the "box" is filled?
Facebook

Interview With Facebook's Head of Open Source 29

Posted by timothy
from the complete-transparency dept.
Czech37 writes Facebook may be among the world's most well-known tech companies, but it's not renowned for being at the forefront of open source. In reality, they have over 200 open source projects on GitHub and they've recently partnered with Google, Dropbox, and Twitter (among others) to create the TODO group, an organization committed to furthering the open source cause. In an interview with Opensource.com, Facebook's James Pearce talks about the progress the company has made in rebooting their open source approach and what's on the horizon for the social media network.
Stats

Microsoft's Asimov System To Monitor Users' Machines In Real Time 264

Posted by timothy
from the all-persons-who-enter-herein dept.
SmartAboutThings writes Microsoft will monitor users in the new Windows 9 Operating System in order to determine how the new OS is used, thus decide what tweaks and changes are need to be made. During Windows 8 testing, Microsoft said that they had data showing Start Menu usage had dropped, but it seems that the tools they were using at the time weren't as evolved as the new 'Asimov' monitor. The new system is codenamed 'Asimov' and will provide a near real-time view of what is happening on users' machines. Rest assured, the data is going to be obscured and aggregated, but intelligible enough to allow Microsoft to get detailed insights into user interactions with the OS. Mary Jo Foley says that the system was originally built by the Xbox Team and now is being used by the Windows team. Users who will download the technical preview of Windows 9, which is said to get unveiled today, will become 'power users' who will utilize the platform in unique scenarios. This will help Microsoft identify any odd bugs ahead of the final release.
Government

California Governor Vetoes Bill Requiring Warrants For Drone Surveillance 109

Posted by Soulskill
from the quis-custodiet-ipsos-drones? dept.
schwit1 sends word that California governor Jerry Brown has vetoed legislation that would have required warrants for surveillance using unmanned drones. In his veto message (PDF), Brown said, "This bill prohibits law enforcement from using a drone without obtaining a search warrant, except in limited circumstances. There are undoubtedly circumstances where a warrant is appropriate. The bill's exceptions, however, appear to be too narrow and could impose requirements beyond what is required by either the 4th Amendment or the privacy provisions in the California Constitution."

The article notes that 10 other states already require a warrant for routine surveillance with a drone (Florida, Idaho, Illinois, Indiana, Iowa, Montana, Oregon, Tennessee, Utah, and Wisconsin). Further, Brown's claims about the bill's exceptions are overstated — according to Slate, "California's drone bill is not draconian. It includes exceptions for emergency situations, search-and-rescue efforts, traffic first responders, and inspection of wildfires. It allows other public agencies to use drones for other purposes — just not law enforcement."
Crime

CEO of Spyware Maker Arrested For Enabling Stalkers 194

Posted by Soulskill
from the reaping-what-you-sow dept.
An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."
Privacy

Medical Records Worth More To Hackers Than Credit Cards 78

Posted by samzenpus
from the pills-please dept.
HughPickens.com writes Reuters reports that your medical information, including names, birth dates, policy numbers, diagnosis codes and billing information, is worth 10 times more than your credit card number on the black market. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations. Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, says Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. Plus "healthcare providers and hospitals are just some of the easiest networks to break into," says Jeff Horne. "When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch."
Facebook

Facebook's Atlas: the Platform For Advertisers To Track Your Movements 89

Posted by samzenpus
from the like-a-puppy-nobody-wants dept.
An anonymous reader writes In its most direct challenge to Google yet, Facebook plans to sell ads targeted to its 1.3 billion users when they are elsewhere on the Web. The company is rolling out an updated version of Atlas that will direct ads to people on websites and mobile apps. From the article: "The company said Atlas has been rebuilt 'from the ground up' to cater for today's marketing needs, such as 'reaching people across devices and bridging the gap between online impressions and offline purchases.'"
EU

EU Gives Google Privacy Policy Suggestions About Data Protection 42

Posted by samzenpus
from the do-it-this-way dept.
itwbennett writes In a letter to Google (PDF) that was published Thursday, the Article 29 Working Party, an umbrella group for European data protection authorities, said Google's privacy policy, in addition to being clear and unambiguous, should also include an exhaustive list of the types of personal data processed. But if all that information is overwhelming to users, Google should personalize the privacy policy to show users only the data processing it is performing on their data.
Businesses

How the NSA Profits Off of Its Surveillance Technology 82

Posted by Soulskill
from the i'm-guessing-ebay dept.
blottsie writes: The National Security Agency has been making money on the side by licensing its technology to private businesses for more than two decades. It's called the Technology Transfer Program, under which the NSA declassifies some of its technologies that it developed for previous operations, patents them, and, if they're swayed by an American company's business plan and nondisclosure agreements, rents them out. The products include tools to transcribe voice recordings in any language, a foolproof method to tell if someone's touched your phone's SIM card, or a version of email encryption that isn't available on the open market.
Transportation

2015 Corvette Valet Mode Recorder Illegal In Some States 269

Posted by Soulskill
from the unless-you're-the-nsa dept.
innocent_white_lamb writes: The 2015 Corvette has a Valet Mode that records audio and video when someone other than the owner is driving the car. Activating the Valet Mode allows you to record front-facing video as well as capture audio from within the car so you can help keep your Corvette safe when it's in the hands of others. Well, it turns out that recording audio from within the car may be considered a felony in some states that require notice and consent to individuals that they are being recorded. Now GM is sending notices out to dealerships and customers alerting them to this fact as well as promising a future update to the PDR system.
Encryption

FBI Chief: Apple, Google Phone Encryption Perilous 353

Posted by samzenpus
from the lock-it-down dept.
An anonymous reader writes The FBI is concerned about moves by Apple and Google to include encryption on smartphones. "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. "What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law." From the article: "Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect's or victim's phone when the owner is unable or unwilling to unlock it for authorities."
Government

Drones Reveal Widespread Tax Evasion In Argentina 208

Posted by timothy
from the don't-cry-for-them dept.
Tailhook (98486) writes "The Argentine government has used drones to reveal 200 homes and 100 pools in an upper class area about ten miles south of Buenos Aires that had not been detailed on tax returns. Tax officials said the drones took pictures of luxury houses standing on lots registered as empty. The evasions found by the drones amounted to missing tax payments of more than $2 million and owners of the properties have been warned they now face large fines."
Privacy

Where Whistleblowers End Up Working 224

Posted by samzenpus
from the long-and-winding-road dept.
HughPickens.com writes Jana Kasperkevic writes at The Guardian that it's not every day that you get to buy an iPhone from an ex-NSA officer. Yet Thomas Drake, former senior executive at National Security Agency, is well known in the national security circles for leaking information about the NSA's Trailblazer project to Baltimore Sun. In 2010, the government dropped all 10 felony charges against him and he pleaded guilty to a misdemeanor charge for unauthorized use of a computer and lost his livelihood. "You have to mortgage your house, you have to empty your bank account. I went from making well over $150,000 a year to a quarter of that," says Drake. "The cost alone, financially — never mind the personal cost — is approaching million dollars in terms of lost income, expenses and other costs I incurred."

John Kiriakou became the first former government official to confirm the use of waterboarding against al-Qaida suspects in 2009. "I have applied for every job I can think of – everything from grocery stores to Toys R Us to Starbucks. You name it, I've applied there. Haven't gotten even an email or a call back," says Kiriakou. According to Kasperkevic, this is what most whistleblowers can expect. The potential threat of prosecution, the mounting legal bills and the lack of future job opportunities all contribute to a hesitation among many to rock the boat. "Obama and his attorney general, Eric Holder, declared a war on whistleblowers virtually as soon as they assumed office," says Kiriakou. "Washington has always needed an "ism" to fight against, an idea against which it could rally its citizens like lemmings. First, it was anarchism, then socialism, then communism. Now, it's terrorism. Any whistleblower who goes public in the name of protecting human rights or civil liberties is accused of helping the terrorists."
Education

Ask Slashdot: How To Keep Students' Passwords Secure? 191

Posted by samzenpus
from the one-password-to-rule-them-all dept.
First time accepted submitter bigal123 writes My son's school is moving more and more online and is even assigning Chromebooks or iPads to students (depending on the grade). In some cases they may have books, but the books stay home and they have user names and passwords to the various text book sites. They also have user names/passwords to several other school resources. Most all the sites are 3rd party. So each child may have many user names (various formats) and passwords. They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids. However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation. Do others have good password management suggestions or suggestions for a single sign-on process (no/minimal cost) for kids in school accessing school provisioned resources?
Privacy

Australian Senate Introduces Laws To Allow Total Internet Surveillance 212

Posted by samzenpus
from the watching-you dept.
First time accepted submitter Marquis231 writes New laws due to be passed in Australia allow intelligence agency ASIO to spy on domestic internet traffic like never before. The Sydney Morning Herald reports: "Spy agency ASIO will be given the power to monitor the entire Australian internet and journalists' ability to write about national security will be curtailed when new legislation – expected to pass in the Senate as early as Wednesday – becomes law, academics, media organisations, lawyers, the Greens party and rights groups fear."
Privacy

Stanford Promises Not To Use Google Money For Privacy Research 54

Posted by samzenpus
from the bang-for-your-buck dept.
An anonymous reader writes Stanford University has pledged not to use money from Google to fund privacy research at its Center for Internet and Society — a move that critics claim poses a threat to academic freedom. The center has long been generously funded by Google but its privacy research has proved damaging to the search giant as of late. Just two years ago, a researcher at the center helped uncover Google privacy violations that led to the company paying a record $22.5 million fine. In 2011-2012, the center's privacy director helped lead a project to create a "Do Not Track" standard. The effort, not supported by Google, would have made it harder for advertisers to track what people do online, and likely would have cut into Google's ad revenue. Both Stanford and Google say the change in funding was unrelated to the previous research.
Censorship

DuckDuckGo Now Blocked In China 82

Posted by Soulskill
from the fowl-play-suspected dept.
wabrandsma sends this news from Tech In Asia: Privacy-oriented search engine DuckDuckGo is now blocked in China. On Sunday DuckDuckGo founder and CEO Gabriel Weinberg confirmed to Tech in Asia that the team has noticed the blockage in China on Twitter. DuckDuckGo had been working fine in mainland China since its inception, aside from the occasional 'connection reset' experienced when accessing many overseas websites from within the country. But now the search engine is totally blocked in China. ... [T]he GreatFire index of blocked sites suggest that DuckDuckGo got whacked on September 4. DuckDuckGo joins Google in being censored and blocked in the nation. Google, after years of being throttled by China's Great Firewall since the web giant turned off its mainland China servers in 2010, was finally blocked totally in June this year.

Programmers do it bit by bit.

Working...