
Submission + - Exclusive: Secret contract tied NSA and security industry pioneer (reuters.com)

Lasrick writes: As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Submission + - NSA Spied Upon: 60 Countries, Unicef, EU Competition Commissioner & Israeli

mrspoonsi writes: BBC Reports: More details of people and institutions targeted by UK and US surveillance have been published by The Guardian, The New York Times and Der Spiegel. The papers say that the list of around 1,000 targets includes a European Union commissioner, humanitarian organisations and an Israeli PM. They suggest over 60 countries were targets of the NSA and Britain's GCHQ. GCHQ monitored the communications of foreign leaders — including African heads of state and sometimes their family members — and directors of United Nations and other relief programmes. The paper reports that the emails of Israeli officials were monitored, including one listed as "Israeli prime minister". The PM at the time, 2009, was Ehud Olmert. The Dutch Liberal MEP Sophia in 't Veld described the latest claims as "shocking". "The UK spying on its fellow EU member states in order to get an economic advantage is simply unacceptable"

Submission + - A Plan to Fix Daylight Savings Time by Creating Two National Time Zones

Hugh Pickens DOT Com writes: Allison Schrager writes in the Atlantic that losing another hour of evening daylight isn't just annoying. It's an economically harmful policy with minimal energy savings. "The actual energy savings are minimal, if they exist at all. Frequent and uncoordinated time changes cause confusion, undermining economic efficiency. There’s evidence that regularly changing sleep cycles, associated with daylight saving, lowers productivity and increases heart attacks." So here's Schrager's proposal. This year, Americans on Eastern Standard Time should set their clocks back one hour (like normal), Americans on Central and Rocky Mountain time do nothing, and Americans on Pacific time should set their clocks forward one hour. This will result in just two time zones for the continental United States and the east and west coasts will only be one hour apart. "America already functions on fewer than four time zones," says Schrager. "I spent the last three years commuting between New York and Austin, living on both Eastern and Central time. I found that in Austin, everyone did things at the same times they do them in New York, despite the difference in time zone. People got to work at 8 am instead of 9 am, restaurants were packed at 6 pm instead of 7 pm, and even the TV schedule was an hour earlier." Research based on time use surveys found Americans’ schedules are already determined more by television than daylight suggesting, in effect, that Americans already live on two time zones. Schrager says that this strategy has already been proven to work in other parts of the world. China has been on one time zone since 1949, despite naturally spanning five time zones and in 1983, Alaska, which naturally spans four time zones, moved most of the state to a single time zone. "It sounds radical, but it really isn’t. The purpose of uniform time measures is coordination. How we measure time has always evolved with the needs of commerce," concludes Schrager.
"Time is already arbitrary, why not make it work in our favor?"

Submission + - How I compiled TrueCrypt for Windows and matched the official binaries (concordia.ca) 1

xavier2dc writes: TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit has yet been conducted to prove it is not backdoored in any way. This has led to several concerns being raised in different places, such as this blog post (http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/), this one (http://brianpuccio.net/excerpts/is_truecrypt_really_safe_to_use), this security analysis (https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf) also related on that blog post (http://blog.cryptographyengineering.com/2013/10/lets-audit-truecrypt.html) from which the IsTrueCryptAuditedYet? (http://istruecryptauditedyet.com/) was born.

One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources.

Submission + - Huawei Using NSA Scandal to Turn Tables on Accusations of Spying (slashdot.org) 2

Nerval's Lobster writes: Huawei Technologies, the Chinese telecom giant banned from selling to U.S. government agencies due to its alleged ties to Chinese intelligence services, is trying to turn the tables on its accusers by offering itself as a safe haven for customers concerned that the NSA has compromised their own IT vendors. “We have never been asked to provide access to our technology, or provide any data or information on any citizen or organization to any Government, or their agencies,” Huawei Deputy Chairman Ken Hu said in the introduction to a 52-page white paper on cybersecurity published Oct. 18. Huawei was banned from selling to U.S. government entities and faced barriers to civilian sales following a 2012 report from the U.S. House of Representatives that concluded Huawei’s management had not been forthcoming enough to convince committee members to disregard charges it had given Chinese intelligence services backdoors into its secure systems and allowed Chinese intelligence agents to pose as Huawei employees. But the company promises to create test centers where governments and customers can test its products and inspect its services as part of an “open, transparent and sincere” approach to questions about its alleged ties, according to a statement in the white paper from Huawei CEO Ren Zhengfei. Can Huawei actually gain more customers by playing off the Snowden scandal?

Submission + - Security Researchers Want to Fully Audit Truecrypt

Hugh Pickens DOT Com writes: TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit for nearly a decade — but there's one problem: no one knows who created the software and no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. "Lots of people use it to store very sensitive information," writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. "That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this." According to Green, Truecrypt "does some damned funny things that should make any (correctly) paranoid person think twice." The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. "As it can't be ruled out that the published Windows executable of Truecrypt 6.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door." Green is one of the people leading the charge to set up the audit, and he helped create the website istruecryptauditedyet.com. “We're now in a place where we have nearly, but not quite enough to get a serious audit done."

Submission + - LinkedIn Agrees to Block Stalkers (boxfreeit.com.au) 2

sholto writes: When Buzzfeed wrote about LinkedIn's stalker problem in June, LinkedIn claimed it had enough privacy tools "to effectively minimize unwanted connections". But a petition by a 24-year-old Ohio woman sexually assaulted by her boss and harassed through the network appears to have won the day for privacy advocates.
“Users on Facebook, Twitter, Pinterest and other sites can easily block other users. LinkedIn appears to be an outlier among other top social media sites,” said petitioner Anna R.

Submission + - Schneier: We Need To Relearn How To Accept Risk (schneier.com) 1

An anonymous reader writes: Bruce Schneier has written an article about how our society is becoming increasingly averse to risk as we invent technological solutions to it. 'Risk tolerance is both cultural and dependent on the environment around us. As we have advanced technologically as a society, we have reduced many of the risks that have been with us for millennia. Fatal childhood diseases are things of the past, many adult diseases are curable, accidents are rarer and more survivable, buildings collapse less often, death by violence has declined considerably, and so on. All over the world — among the wealthier of us who live in peaceful Western countries — our lives have become safer.' This has led us to overestimate both the level of risk from unlikely events and also our ability to curtail it. Thus, trillions of dollars are spent and vital liberties are lost in misguided efforts to make us safer. 'We need to relearn how to recognize the trade-offs that come from risk management, especially risk from our fellow human beings. We need to relearn how to accept risk, and even embrace it, as essential to human progress and our free society. The more we expect technology to protect us from people in the same way it protects us from nature, the more we will sacrifice the very values of our society in futile attempts to achieve this security.'

Submission + - What's the Real story in Syria? (kforcegov.com) 2

BigLonn writes: Apparently the "NightWatch" a blog published by Kforce, Inc. has some unsettling observations on what the mainstream media is not covering in the Syrian chemical attack, that points to the possibility of a misinformation campaign concerning the entire story. Normally I wouldn't put much stock in this but Kforce, Inc. is a Fed Contractor.

Submission + - Area 51 No Longer (Officially) a Secret 2

schnell writes: The first-ever declassified story of Area 51's origin is now available, thanks to a Freedom of Information Act filed years ago by George Washington University's National Security Archive. The (only lightly redacted) document is actually primarily a history of the U-2 and A-12 ("Oxcart") spy plane programs from the Cold War, but is remarkable for being the first-ever official unclassified acknowledgement of Area 51's purpose and its role in the program. Interesting tidbits include that the U-2 program was kicked off with a CIA check mailed personally to Lockheed Skunk Works chief Kelly Johnson for $1.25M; a U-2 was launched off an aircraft carrier to spy on French nuclear tests; and the U-2 delivery program itself was actually done under budget, a rarity for secret government programs then or now.

Submission + - Government Admits Area 51 Exists Sans Aliens

voul writes: Philip Bump in an article writes the government admits the existence of Area 51. 'Newly declassified documents, obtained by George Washington University's National Security Archive, appear to for the first time acknowledge the existence of Area 51,' Bump writes. 'Hundreds of pages describe the genesis of the Nevada site that was home to the government's spy plane program for decades. The documents do not, however, mention aliens.'

Submission + - New Zealand Government About to Legalize Spying on NZ Citizens

Flere Imsaho writes: After admitting they have illegally spied on NZ citizens or residents 88 times since 2003, the government, in a stunning example of arse covering, is about to grant the GCSB the right to intercept the communications of New Zealanders in its role as the national cyber security agency, rather than examine the role the GCSB should play and then look at the laws. There has been strong criticism from many avenues http://www.stuff.co.nz/dominion-post/news/politics/8929715/Calls-widen-for-GCSB-law-probe
The bill is being opposed by Labor and the Greens http://www.radionz.co.nz/news/political/215154/labour,-greens-say-gcsb-bill-remains-flawed, but it looks like National now have the numbers to get this passed. http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10901674

Of course, the front page story is all about the royal baby, with this huge erosion of privacy relegated to a small article near the bottom of the front page. Three cheers, the monarchy is secure, never mind the rights of the people. More bread and circuses anyone?

Submission + - Some 13 years after the DeCSS case, Congressional IT endorses VLC (project-disco.org)

robp writes: After a link to VLC showed up in one of HBO's DMCA takedown requests, I recalled how often I've linked to VLC in my own copy, and how often I've seen that app noted across traditional-media outlets--even though you could make the same arguments against linking to it that Judge Kaplan bought in 2000. Now, though, even the House's own IT department not only links to this CSS-circumventing app but endorses it. Question is, what led to this enlightenment?
