thegameiam - Slashdot User

Submission + - XKEYSCORE: NSA'S Google for the World's Private Communications (firstlook.org)

Submitted by Advocatus Diaboli on Wednesday July 01, 2015 @06:36PM

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."

also

"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

8 Yelp Reviewers Hit With $1.2 Million Defamation Suits 210

Posted by timothy on Tuesday June 30, 2015 @09:33AM from the slapp-on-the-back dept.

New submitter goodboi writes: A Silicon Valley building contractor is suing 8 of its critics over the reviews they posted on Yelp. The negative reviews were filtered out by Yelp's secretive ranking system, but in court documents filed earlier this month, Link Corporation claims that the bad publicity cost over $165,000 in lost business.

Comment not a question (Score 1) 111

by thegameiam on Monday June 29, 2015 @04:19PM (#50014171) Attached to: Interviews: Ask Steve Jackson About Designing Games

I just wanted to say "thanks" for many, many hours playing your games. Well done, sir!

To Learn (Or Not Learn) JQuery 126

Posted by samzenpus on Monday June 29, 2015 @04:05PM from the that-is-the-question dept.

Nerval's Lobster writes: jQuery isn't without its controversies, and some developers distrust its use in larger projects because (some say) it ultimately leads to breakage-prone code that's harder to maintain. But given its prevalence, jQuery is probably essential to know, but what are the most important elements to learn in order to become adept-enough at it? Chaining commands, understanding when the document is finished loading (and how to write code that safely accesses elements only after said loading), and learning CSS selectors are all key. The harder part is picking up jQuery's quirks and tricks, of which there are many... but is it worth studying to the point where you know every possible eccentricity?

SCOTUS Denies Google's Request To Appeal Oracle API Case 181

Posted by samzenpus on Monday June 29, 2015 @02:35PM from the I-don't-want-to-hear-it dept.

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself.

Comment Re:Add one more colour (Score 1) 171

by globaljustin on Friday June 26, 2015 @04:15AM (#49993011) Attached to: Students Win Prize For Color-Changing Condoms That Detect STDs

Red for stupidity.

thank you for capturing my thoughts on this so succinctly...

it's an **awful idea**

Comment fully half baked (Score 1) 171

by globaljustin on Friday June 26, 2015 @04:14AM (#49993007) Attached to: Students Win Prize For Color-Changing Condoms That Detect STDs

the idea might be a bit half-baked

imho, it's not a bit half-baked, it's all the way...*this idea is awful*

my first thought was, in order to detect on females you have to have intercourse first, which kind of defeats the purpose...also, checking the color (i can just see the antics w/ attempting to use a cell phone light...) is also going to be more awkward than any of the alternatives

these ideas never leave the concept stage

if something like a condom can indicate this, just make a test swab or something...it's already awkward having to stop and turn on the light to check the color...

Comment terrible OS (Score 0, Troll) 289

by globaljustin on Wednesday June 24, 2015 @09:34AM (#49976793) Attached to: Samsung Cripples Windows Update To Prevent Incompatible Drivers

But Microsoft is the one who dictates what technology Samsung must play nice with...

The difficulty is first with Microsoft, and Samsung's 'fix' wouldn't be necessary without it.

This isn't the first time an OEM has compromised the security of its users.

Blame has to go to Microsoft *first*...it's illogical to blame the cart for something the horse chose to do.

Comment Re:All nurture. 100%. (Score 1) 490

by thegameiam on Monday June 22, 2015 @12:52PM (#49962973) Attached to: Are Girl-Focused Engineering Toys Reinforcing Gender Stereotypes?

nitpick - the Victorian pink really was just pale red, rather than the crazy hot pink we have nowadays (hooray for synthetics!).

Your point stands.

Comment Re:Wow, just wow... (Score 1) 490

by thegameiam on Monday June 22, 2015 @12:50PM (#49962943) Attached to: Are Girl-Focused Engineering Toys Reinforcing Gender Stereotypes?

I basically agree, but have a nitpick: the old boy's color was more red than pink - since the advent of synthetic colors we have a lot more variety. Blue was definitely a girly color in the past.

NIST Workshop Explores Automated Tattoo Identification 71

Posted by Soulskill on Monday June 22, 2015 @10:16AM from the database-of-regret dept.

chicksdaddy writes: Security Ledger reports on a recent NIST workshop dedicated to improving the art of automated tattoo identification. It used to be that the only place you'd commonly see tattoos was at your local VA hospital. No more. In the last 30 years, body art has gone mainstream. One in five adults in the U.S. has one. For law enforcement and forensics experts, this is a good thing; tattoos are a great way to identify both perpetrators and their victims. Given the number and variety of tattoos, though, how to describe and catalog them? Clearly this is an area where technology can help, but it's also one of those "fuzzy" problems that challenges the limits of artificial intelligence.

The National Institute of Standards and Technology (NIST) Tattoo Recognition Technology Challenge Workshop challenged industry and academia to work towards developing an automated image-based tattoo matching technology. Participating organizations in the challenge used a FBI -supplied dataset of thousands of images of tattoos from government databases. They were challenged to develop methods for identifying a tattoo in an image, identifying visually similar or related tattoos from different subjects; identifying the same tattoo image from the same subject over time; identifying a small region of interest that is contained in a larger image; and identifying a tattoo from a visually similar image like a sketch or scanned print.

3D Printing Might Save the Rhinoceros 163

Posted by timothy on Monday June 22, 2015 @01:12AM from the social-networks-might-save-the-whales dept.

GordonShure.com writes: San Francisco based biotech startup Pembient have released details of their 3D printing led method to derail the market for Rhinoceros horns. Presently the bulk of demand originates from China, where said horns — gathered in the wild by poachers who usually kill the rhinos — are revered for supposed medicinal qualities. The new firm intends to mix keratin with Rhino DNA, then machine the combination with a 3D printer in a way that their counterfeit horns are difficult to detect by customers and traffickers alike.

The company already mulls expanding its production principle to other, lucrative wild animal trades such as the claws of tigers and lions. Pembient is however a young company — for all their ingenuity, will their ambitions to take on such a colossal black market be realized?

Comment defining "computer security" for your clients (Score 1) 53

by globaljustin on Thursday June 18, 2015 @03:54AM (#49935257) Attached to: Interviews: Ask Brian Krebs About Security and Cybercrime

Mr. Krebs, thank you for the time.

My question is about defining "computer security" in relation to public perceptions vs technical facts.

It was reported in 2006 that the NSA was keeping massive databases of American's phone calls and metadata: http://yahoo.usatoday.com/news...

Obviously, Snowden's revelations were much more heavily reported, and contained more info, but the public was shocked at information that was already public.

When it comes to cyber security customers, how do you explain and contextualize what service you are providing given the vast differences in perception of "security"?

Comment Re:They are hiding the truth... (Score 1) 81

by Tom on Saturday June 13, 2015 @06:44PM (#49905883) Attached to: Germany Abandons Investigation Into NSA Spying on Chancellor Merkel

Heck, we aren't talking about some banana republic here. Or are we?

I see you're not up to date with current german politics. We are.

Merkel doesn't give a flying fuck because she really doesn't give a fuck about anything. She was trained very well how to get into and stay in power, and that's the only thing she's doing. Every move of her makes sense if you analyze it from that perspective. This is no different - big trouble with the USA is not a career-improving path, but the people of Germany are too forgiving and will let her and her party get away with all this shit.

Comment Re:How much crap before Slashdot becomes useless? (Score 1) 263

by Thing 1 on Friday June 12, 2015 @02:12AM (#49896469) Attached to: How Much Python Do You Need To Know To Be Useful?

How much Slashdot do we need to know in order to be called a geek?

Natalie Portman and grits.

Jon Katz.

You insensitive clod.

In soviet Russia, ...

The eponymous effect.

Libraries of Congress (per second).

Wesley Crusher.

Slashdot Top Deals