
Submission + - How the government just protected some of your favorite podcasts (washingtonpost.com)

schwit1 writes: When you're listening to your favorite podcast — This American Life, maybe, or Radiolab — patents are probably the last thing on your mind. But behind the scenes, the podcasting world has been living in fear of one particular patent that threatens to force many independent producers out of business.

Now, a government board has revoked key parts of that patent, handing a huge victory to podcasters.

Submission + - Google Lollipop Bricking Nexus 5 and Nexus 7 devices 2

Zape writes: The Lollipop update has turned sour for me and several other Nexus 7, Gen 2 (and Nexus 5) owners. It seems that I'm not alone in having my tablet boot to the Google Logo since a couple of days after updating to Android 5.0.2. Now Nexus 5 owners are reporting a reboot loop in Android 5.1. My device, like many others, is a couple of months out of warranty, but worked great until the latest OTA update from Google. They branded it, and they updated it, but Google claims it is between the buyers and ASUS, the manufacturer.

Submission + - Microsoft: Feds are 'rewriting' the law to obtain emails overseas (thehill.com) 1

An anonymous reader writes: The Electronic Communications Privacy Act was written in 1986. It's incredibly outdated, yet it still governs many internet-related rights for U.S. citizens. Microsoft has now challenged Congress to update the legislation for how online communications work in 2015. The company is currently embroiled in a legal battle with the government over a court order to release emails stored in a foreign country to U.S. authorities. In a new legal brief (PDF), Microsoft says, "For an argument that purports to rest on the 'explicit text of the statute,' the Government rewrites an awful lot of it. Congress never intended to reach, nor even anticipated, private communications stored in a foreign country when it enacted [the ECPA]." In an accompanying blog post, Microsoft general counsel Brad Smith wrote, "Until U.S. law is rewritten, we believe that the court in our case should honor well-established precedents that limit the government’s reach from extending beyond U.S. borders. ... To the contrary, it is clear Congress’s intent was to ensure that your digital information is afforded the same legal protections as your physical documents and correspondence, a principle we at Microsoft believe should be preserved."

Submission + - Amazon Gets Approval To Test New Delivery Drones (reuters.com)

An anonymous reader writes: Amazon has been vocal in its complaints about how slow the FAA is in approving drones for test flights. In March they were finally given permission to test a drone they had developed six months ago, and they said the drone was already obsolete. Their complaints appear to have worked — yesterday, the FAA gave permission to test a new, updated delivery drone. According to the FAA's letter (PDF), the drone must stay at an altitude of less than 400 feet and at speeds of less than 100 mph.

Submission + - The 'Page 63' Backdoor to Elliptic Curve Cryptography 3

CRYPTIS writes: The security of Elliptic curve cryptography is facilitated by the perceived 'hard' problem of cracking the Discrete Logarithm Problem (DLP) for any given curve. Historically, for FIPS (Federal Information Processing Standards) compliance it was required that your curves conformed to the FIPS186-2 document located at http://csrc.nist.gov/publicati... . Page 63 of this specifies that the 'a' and 'b' elliptic curve domain parameters should conform to the mathematical requirement of c*b^2 = a^3 (mod p).

Interestingly, back in 1982, A. M. Odlyzko, of AT & T Bell Laboratories, published a document entitled “Discrete logarithms in finite fields and their cryptographic significance” ( http://www.dtc.umn.edu/~odlyzk... ). Page 63 of this document presents a weak form of the DLP, namely a^3 = b^2*c (mod p).

It seems then, that the National Institute of Standards and Technology (NIST), driven in turn by the NSA, have required that compliant curves have this potentially weak form of the DLP built in; merely transposing the layout of the formula in order to obtain what little obfuscation is available with such a short piece of text.

Submission + - Ten U.S. senators seek investigation into the replacement of U.S. tech workers (computerworld.com)

dcblogs writes: Ten U.S. senators, representing the political spectrum, are seeking a federal investigation into displacement of IT workers by H-1B-using contractors. They are asking the U.S. Department of Justice, the Department of Homeland Security and the Labor Department to investigate the use of the H-1B program "to replace large numbers of American workers" at Southern California Edison (SCE) and other employers. The letter to Attorney General Eric Holder and the secretaries of the two other departments was signed by U.S. Sen. Chuck Grassley (R-Iowa), chairman of the Senate Judiciary Committee, which has oversight over the Justice Department. The other signers are Sens. Richard Durbin (D-Ill.), a longtime ally of Grassley on H-1B issues; Jeff Sessions (R-Ala.), Richard Blumenthal (D-Conn.), Sherrod Brown (D-Ohio), David Vitter (R-La.), Claire McCaskill (D-Mo.), Bill Cassidy (R-La.), Bernard Sanders (I-Vt.), James Inhofe (R-Okla.). Neither California senator signed on. "Southern California Edison ought to be the tipping point that finally compels Washington to take needed actions to protect American workers," Sessions said. Five hundred IT workers at SCE were cut, and many had to train their replacements.

Comment Maybe start with the No-Fly list? (Score 3) 75

All the "suspected terrorist" lists are notorious for their unrestricted inclusion/non-existent removal policies, none more so than the No-Fly list.

It might not be glamorous to review a blank 'algorithm' but it would be a significant step for transparency in government. That is where the focus should be. We need to make a lot of noise to support this point of view. Otherwise all the usual race-baiters and niche-problem whiners will disperse and ruin what could have become a powerful tool.

Submission + - NORAD moving comms gear back to Cheyenne Mountain (yahoo.com)

schwit1 writes: The US military command that scans North America's skies for enemy missiles and aircraft plans to move its communications gear to a Cold War-era mountain bunker, officers said.

The shift to the Cheyenne Mountain base in Colorado is designed to safeguard the command's sensitive sensors and servers from a potential electromagnetic pulse (EMP) attack, military officers said.

Submission + - The Courage of Bystanders Who Press 'Record'

HughPickens.com writes: Robinson Meyer writes in The Atlantic that in the past year, after the killings of Michael Brown and Tamir Rice, many police departments and police reformists have agreed on the necessity of police-worn body cameras. But the most powerful cameras aren’t those on officers’ bodies but those wielded by bystanders. We don’t yet know who shot videos of officer Michael T. Slager shooting Walter Scott eight times as he runs away but "unknown cameramen and women lived out high democratic ideals: They watched a cop kill someone, shoot recklessly at someone running away, and they kept the camera trained on the cop," writes Robinson. "They were there, on an ordinary, hazy Saturday morning, and they chose to be courageous. They bore witness, at unknown risk to themselves."

“We have been talking about police brutality for years. And now, because of videos, we are seeing just how systemic and widespread it is,” tweeted Deray McKesson, an activist in Ferguson, after the videos emerged Tuesday night. “The videos over the past seven months have empowered us to ask deeper questions, to push more forcefully in confronting the system.” The process of ascertaining the truth of the world has to start somewhere. A video is one more assertion made about what is real, concludes Robinson. "Today, through some unknown hero’s stubborn internal choice to witness instead of flee, to press record and to watch something terrible unfold, we have one more such assertion of reality."

Submission + - With H-1B Cap Hit, Zuckerberg and Ballmer-Led Groups Press for More Tech Visas

theodp writes: With the FY2016 H-1B visa cap reached in the first week of April (only the USCIS knows how many applications were submitted by outsourcing companies and from Bentonville, AR), it's no surprise that groups like Mark Zuckerberg's FWD.us PAC and Steve Ballmer's Partnership for a New American Economy Action Fund are pooh-poohing Jesse Jackson's claims that foreign high-tech workers are taking American jobs, and promoting the idea that what's really holding back Americans from jobs is a lack of foreign tech workers with H-1B visas. What is kind of strange, though, is the photo of a young black male (his American job presumably created by high-skilled immigrants) that occupies most of the first page of the three-page H-1B Employment Effect "research brief" touted by the groups, which is identical to one that graces the website of a UK memory distributor, except it's been photoshopped from color to civil-rights-era-black-and-white to produce the H-1B Poster Child version. So, do America's tech billionaires need to be reminded that it's not cool to manipulate images to fake racial diversity?

Submission + - US Gov Investigating Highly Sophisticated Russian Hack Of White House (cnn.com)

An anonymous reader writes: The FBI, US Secret Service, and US intelligence agencies are investigating a highly sophisticated hack of White House systems that support the executive office of the President. The attack leveraged the existing compromise of the US State Department network which may still be unresolved, and raises further questions about Hillary Clinton's use of a private email server for her official responsibilities. The attack on the White House is thought to have begun with a phishing email attack. The attack was routed through computers around the world, but signs point to hackers working for the Russian government. Although the systems compromised were not classified they contained data considered to be highly sensitive, including detailed information on President Obama's schedule. US officials have been surprised by the aggressiveness of Russian hackers in recent months. Two months ago Director of National Intelligence James Clapper told a Senate committee that the "Russian cyberthreat is more severe than we have previously assessed." This comes at a time when Russia is increasingly flexing its military muscle by supporting separatists in Ukraine, more aggressive probes by Russian bombers and fighter jets along the borders of Baltic nations, the UK, and US, and President Putin's recent revelation that he was willing to order Russia's nuclear combat forces to alert to ensure the success of Russia's covert invasion and annexation of Ukraine's Crimea region.

Submission + - U.S. started keeping secret records of international telephone calls in 1992 (usatoday.com)

schwit1 writes: Starting in 1992, the Justice Department amassed logs of virtually all telephone calls from the USA to as many as 116 countries.

The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago.

More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified.

The DEA program did not intercept the content of Americans' calls, but the records — which numbers were dialed and when — allowed agents to map suspects' communications and link them to troves of other police and intelligence data. At first, the drug agency did so with help from military computers and intelligence analysts.

The operation had "been approved at the highest levels of Federal law enforcement authority," including then-Attorney General Janet Reno and her deputy, Eric Holder.

Submission + - Research Finds Shoddy Security on Connected Home Gateways (securityledger.com)

chicksdaddy writes: Connected home products are the new rage. But how do you connect your Nest thermostat, your DropCam surveillance device and your Chamberlain MyQ "smart" garage door opener? An IoT hub, of course. But not so fast: a report from the firm Veracode (https://info.veracode.com/whitepaper-the-internet-of-things-poses-cybersecurity-risk.html) may make you think twice about deploying one of these IoT gateways in your home.

As The Security Ledger reports (https://securityledger.com/2015/04/research-iot-hubs-expose-connected-homes-to-hackers/), Veracode researchers found significant security vulnerabilities in each of six IoT gateways they tested, suggesting that manufacturers are giving short shrift to security considerations during design and testing.

The flaws discovered ranged from weak authentication schemes (pretty common) to improper validation of TLS and SSL certificates, to gateways that shipped with exposed debugging interfaces that would allow an attacker on the same wireless network as the device to upload and run malicious code. Many of the worst lapses seem to be evidence of insecure design and lax testing of devices before they were released to the public, Brandon Creighton, Veracode’s research architect, told The Security Ledger.

This isn't the first report to raise alarms about IoT hubs. In October, the firm Xipiter published a blog post (http://www.xipiter.com/musings) describing research into a similar hub by the firm VeraLite. Xipiter discovered that, among other things, the VeraLite device shipped with embedded SSH private keys stored in immutable areas of the firmware used on all devices.
