Encryption

ACLU: Lavabit Was 'Fatally Undermined' By Demands For Encryption Keys 230

An anonymous reader writes "When encrypted email provider Lavabit shut down in August, it was because U.S. authorities demanded the company release encryption keys to get access to certain accounts. Lavabit's founder, Ladar Levison, is facing contempt of court charges for his refusal to acquiesce to their demands. But now the ACLU has filed a 'friend of the court' brief (PDF) in support of Levison, saying that the government's demand 'fatally undermined' the secure email service. 'Lavabit's business was predicated on offering a secure email service, and no company could possibly tell its clients that it offers a secure service if its keys have been handed over to the government.' The ACLU added, 'The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved."' Lavabit is also defending itself by claiming a violation of the 4th amendment has occurred."
Bitcoin

FBI Seized 144,000 Bitcoins ($28.5 Million) From Silk Road Bust 162

SonicSpike writes "An FBI official notes that the bureau has located and seized a collection of 144,000 bitcoins, the largest seizure of that cryptocurrency ever, worth close to $28.5 million at current exchange rates. It believes that the stash belonged to Ross Ulbricht, the 29-year-old who allegedly created and managed the Silk Road, the popular anonymous drug-selling site that was taken offline by the Department of Justice after Ulbricht was arrested earlier this month and charged with engaging in a drug trafficking and money laundering conspiracy as well as computer hacking and attempted murder-for-hire. The FBI official wouldn't say how the agency had determined that the Bitcoin 'wallet' — a collection of Bitcoins at a single address in the Bitcoin network — belonged to Ulbricht, but it was sure they were his. 'This is his wallet,' said the FBI official. 'We seized this from DPR,' the official added, referring to the pseudonym 'the Dread Pirate Roberts,' which prosecutors say Ulbricht allegedly used while running the Silk Road."
Piracy

Antigua Looks Closer To Legal "Piracy" of US-Copyrighted Works 327

Mark Gibbs writes "Shiver me timbers: Antigua and Barbuda's 'WTO Remedies Implementation Committee', is said to be recommending the establishment by the Government of Antigua & Barbuda of a statutory body to own, manage and operate the ultimate platform to be created for the monetisation or other exploitation of the suspension of American intellectual property rights authorised earlier this year by the WTO ... Additionally, an announcement regarding the opening of tenders for private sector participation in the operating of the platform should be announced shortly. Arghhh ... matey!" See also this Slashdot post (from 2007) for some background.
Government

Feds Confiscate Investigative Reporter's Confidential Files During Raid 622

schwit1 writes "Using a warrant to search for guns, Homeland security officers and Maryland police confiscated a journalist's confidential files. The reporter had written a series of articles critical of the TSA. It appears that the raid was specifically designed to get her files, which contain identifying information about her sources in the TSA. 'In particular, the files included notes that were used to expose how the Federal Air Marshal Service had lied to Congress about the number of airline flights they were actually protecting against another terrorist attack,' Hudson [the reporter] wrote in a summary about the raid provided to The Daily Caller. Recalling the experience during an interview this week, Hudson said: 'When they called and told me about it, I just about had a heart attack.' She said she asked Bosch [the investigator heading the raid] why they took the files. He responded that they needed to run them by TSA to make sure it was 'legitimate' for her to have them. '"Legitimate" for me to have my own notes?' she said incredulously on Wednesday. Asked how many sources she thinks may have been exposed, Hudson said: 'A lot. More than one. There were a lot of names in those files. This guy basically came in here and took my anonymous sources and turned them over — took my whistleblowers — and turned it over to the agency they were blowing the whistle on,' Hudson said. 'And these guys still work there.'"
Privacy

Online Retailers Cruising Tor To Hunt For Fraudsters 188

Daniel_Stuckey writes "This week, the verification company Service Objects announced a new tool to help websites detect 'suspicious' visitors using Tor and other anonymous proxies. Its updated DOTS IP Address Validation product identifies 'suspicious' discrepancies between the user's home location and the location of the IP address the order's coming from. It joins a handful of other tools on the market promising Tor-detection for retailers. It's a logical strategy: If you're trying to buy something with a stolen credit card, you're obviously going to want to block your real identity and location while doing it. But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online—particularly this year in light of the NSA-spying scandal."
Microsoft

Microsoft Makes It Harder To Avoid Azure 164

itwbennett writes "Earlier this week, Microsoft rolled out a handful of hybrid cloud services that make it easy for businesses to start using Azure in a small way. What struck blogger Nancy Gohring about the announcement was 'how deeply Microsoft is integrating Azure into other products,' with the intention of moving long-time customers onto Azure in ways that are hardly perceptible to them."

Comment missing functionality (Score 2) 165

There is so much essential functionality missing from key management and encrypted e-mail that it is in a barely usable state. For the Brazilian government, or any government for that matter, to provide end-to-end email encryption for their own workers, so much more needs to be done.

Name me even one mail client or plug-in that can search encrypted messages, the body not just the metadata. Or how about re-keying stored messages? Federal employees often have an obligation to archive communications, but how will that fit with the recommended practice of re-keying? The list goes on.

E-mail encryption has been rather thoroughly thought through at the protocol level (thanks, Phil!) but when it comes to how it can be made to fit in with normal workflow, practically nothing has been done yet.

Comment Secret APIs (Score 3, Informative) 479

Microsoft used secret APIs to give its programs an advantage over competitors. That had a big effect in the 1990's. It is apparently still going on in some things but we'll have to wait, as usual, a long time before it turns up in court records. And like before, the damage will have been done. The only way to stop it is to stop using M$ products.

You can find more like that if you wade through the material of the Comes V Microsoft case at the now archived Groklaw site. Basically anything bad that has been said about M$ and the people that work there is true.

Comment vpns (Score 1) 477

And that was just a lame excuse. She obviously had other motives for cancelling telecommuting as there is no need for a VPN for real work. SSH does not require a VPN. Nor do version control systems (git, bzr, svn). Nor does HTTPS for the intranet or IMAPS for the mail. Not even SIP or Skype for calls needs a VPN.

VPNs only add an extra layer of complexity and add little to nothing in return. That goes double for PPTP, which is garbage.

So regardless if her telecommuters were productive or unproductive, VPN use is an irrelevant metric.

Comment IRC helping to identify users (Score 1) 234

Which makes me wonder why IRC is being pushed so much. It helps very much with the scenario you describe. Being centralized and synchronous, it is practical to pull the virtual plug on a targeted user and then see which name drops out of the channel. That was one thing that Usenet had going for it, it was decentralized and asynchronous, making it all but impossible to censor or even track specific users. Remember, not long ago it was part of the package of Internet access advertised by ISPs, it was a key part of "getting on the Internet". Suddenly all that stopped. It would not be surprising if there were a little pressure on the ISPs to phase it out, including especially the text groups and not just from the MAFIAA over the dreaded binary groups.

Comment iptables -m limit (Score 1) 99

Please note that the author did not mention Denyhosts since his servers run OpenBSD, which incorporates DenyHosts functionality through "pf", its packet filter/firewall software (see the brute-force configuration of pf for more details).

You can do the same with iptables on Linux using the module "limit". See the manual page for "iptables-extensions" for the details. DenyHosts may have its good points, but mostly it just complicates things. There is already a lot of functionality in the packet filter that you can use, whether on Linux or BSD.

However, what I see now, in contrast to years ago, are slower paced attacks. These come in steadily but at a rate that just passes under the threshold. One of these days I ought to look at what is blocked to see if it's just the slow ones getting through or if all the probes are now timed that way.
