Submission + - Irony: Google's CIO doesn't let employees use "consumer-grade" cloud services (citeworld.com)

mattydread23 writes: This takes the cake. In an interview with AllThingsD this weekend, Google CIO Ben Fried explained that he "can't let employees mess around with consumer-grade technology" and that he won't let employees use Dropbox because "when your users use it in a corporate context, your corporate data is being held in someone else’s data center." This from the CIO of the company that has done more to push consumer-grade cloud services into the enterprise than anybody else. Apparently it's "do as we say, not as we do."

Submission + - Drone flier cops $10K fine from FAA

NewtonsLaw writes: Raphael Pirker, otherwise known as "Trappy" is the guy who flew his RC model plane over the Statue of Liberty and parts of NYC a little while back and got a lot of media attention in the process.

Trappy has travelled the world with his FPV RC models, getting some stunning footage that has been posted to his YouTube channel.

On occasion, he has been commissioned to make specific flights and take aerial video of particular locations — professionally but this is something that the FAA considers to be in violation of their policies (note: policies — NOT the law). After a recent commissioned flight around the University of Virginia, the FAA hit Trappy with a $10K fine, alleging that he was operating a UAS without the necessary authority and had been reckless in his actions, creating danger to person and property.

More background and info on this can be found in this Wired.com story and this sUAS News report which lists the exact charges.

While it could be argued that Trappy's flying may have been a little reckless, the defense from his lawyer is that no LAWS were broken — because there are no laws pertaining to these craft.

I posted a YT video-rant about how the FAA (and other airspace administrators around the world) are failing to do their jobs and have instigated "policies" rather than create proper laws in respect to this new technology. I also argue the point that it's ridiculous that, in the eyes of the FAA, a small RC plane suddenly becomes a UAS and is treated as being the same as a Predator drone in respect to its potential as a threat to public safety. I won't post a link to the video (don't want to be a whore) but I'm sure folk can find it if they're interested.

The bottom line is that in equating a small RC flying wing made of foam with an evil baby-killing Predator drone, the FAA is way, way out of touch with reality and way-behind the game in respect to making reasonable and effective laws in this area. Also, by relying on "policy", they are allowed to play judge and jury so can apply unfettered bias and prejudice in their actions with impunity.

Submission + - Fog clears around encrypted email provider Lavabit court documents (nytimes.com)

snowtigger writes: The New York Times reports that on Wednesday, a federal judge unsealed documents in the case (covered here), allowing the tech entrepreneur to speak candidly for the first time about his experiences. Among other things, a court order required him to provide the F.B.I. with “technical assistance,” which agents told him meant handing over the private encryption keys, technically called SSL certificates, that unlock communications for all users.

Submission + - US Shutdown Is Good News For Patent Trolls (techweekeurope.co.uk)

judgecorp writes: It's just a sidebar on the US government shutdown but, while agencies including NASA and NIST are displaying blank websites, the US Patent and Trademark Office is running as normal because its funding is guaranteed by the US constitution. Thus, patent trolls can continue to file bogus business patents, while the FTC is closed and can't combat them, and the Department of Justice can't handle appeals and enforcement.

Submission + - German NSA critic denied entry to the US

An anonymous reader writes: Major newspapers in Germany (FAZ, Die Welt, SZ, ...) and the Huffington Post report that the author Ilja Trojanow has been denied to board a plane from Salvador da Bahia to the US where he was invited to attend a conference. He had ESTA documents showing that his visit was approved as part of the Visa Waiver Program and was last year given a visa to teach at the university of Saint Louis. Trojanow was one of the initiators of an open letter urging Chancellor Merkel to take actions against NSA surveillance in Germany.

Submission + - Symantec seizes part of massive botnet used for BitCoin mining and click fraud (computerworld.com.au)

angry tapir writes: The cybercriminals behind ZeroAccess, one of the largest botnets in existence, have lost access to more than a quarter of the infected machines they controlled because of an operation executed by security researchers from Symantec. According to Symantec, the ZeroAccess botnet consists of more than 1.9 million infected computers and is used primarily to perform click fraud and Bitcoin mining in order to generate revenues estimated at tens of millions of dollars per year.

Submission + - Security Researchers Rewarded with $12.50 Voucher to Buy Yahoo T-Shirt

Hugh Pickens DOT Com writes: More and more companies are offering Bug Bounty Programs remunerating security researchers for reporting vulnerabilities and weaknesses in their applications and software. Now security analyst Graham Cluley writes that researchers at High-Tech Bridge informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains. According to High-Tech Bridge, each of the vulnerabilities could compromise *any* @yahoo.com email account. All that was required was that the victim, while logged into Yahoo, should click on a specially-crafted link received in an email. Forty-eight hours later, Yahoo had patched all of the vulnerabilities and Yahoo’s security team responded, thanking the researchers and "offering the mighty bounty of err.. $12.50 per vulnerability," writes Cluley. But there was one catch. The $12.50 was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. "Such a risible reward is unlikely to win Yahoo any friends and could – if anything – make it less likely that the site will gain the assistance of white-hats in future," wrote Cluley. “If Yahoo cannot afford to spend money on its corporate security, it should at least try to attract security researchers by other means," wrote Ilia Kolochenko, the CEO of High-Tech Bridge. "Otherwise, none of Yahoo’s customers can ever feel safe.”

Submission + - RSA warns developers not to use RSA products (cryptographyengineering.com)

Weezul writes: "RSA has recommended that developers desist from using the Dual_EC_DRBG random number generator — which happens to be the default in RSA's BSafe cryptographic toolkit." "Dual_EC_DRBG is the random number generator voted most likely to be backdoored by the NSA."

Submission + - Given Recent Crypto Revelations, 'Everything is Suspect' (threatpost.com)

Gunkerty Jeb writes: So now that RSA Security has urged developers to back away from the table and stop using the maligned Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG) algorithm, the question begging to be asked is why did RSA use it in the first place?

Going back to 2007 and a seminal presentation at the CRYPTO conference by Dan Shumow and Niels Ferguson, there have been suspicions about Dual EC DRBG primarily because it was backed by the National Security Agency, which initially proposed the algorithm as a standard. Cryptographer Bruce Schneier wrote in a 2007 essay that the algorithm contains a weakness that “can only be described as a backdoor.”

“I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” Schneier told Threatpost today. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified.”

Submission + - Microsoft bought Nokia to stop Android based Lumias (androidanalyse.com)

Gumbercules!! writes: It’s long been assumed that Nokia was on its last legs in any case, although there was some positive news of late, with strong growth in the last quarter and positive sales figures for the first time in years. None the less, a Microsoft take-over was always a definite option on the horizon – something probably only held off this long because Microsoft didn’t want to scare off other OEMs. Given the waning desire from the Asian OEMs, however, Microsoft’s options were becoming very limited.

However, new information has come to light, indicating that Nokia was very close to moving to Android – so close, in fact, that Microsoft seemingly had to buy them out or lose virtually their entire market share (currently around 5%) overnight. According to the New York Times, development and testing of Android on the Lumia range of handsets was so advanced that the team responsible for it already had stable and ready to go units.

Submission + - UK Cryptographers Call For UK, US Gov to Out Weakened Products

Trailrunner7 writes: A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.”

The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

“We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures," the letter says.

Submission + - Njw0rm RAT Spreads Via USB, Steals No-IP Credentials (threatpost.com)

msm1267 writes: Remote access Trojans, or RATs, are typically stay-at-home creatures. Central to a good many targeted attacks for their ability to steal data from compromised computers, RATs aren’t generally built with the capability to spread to more machines.
A variant of njRAT, however, has broken that mold. Likely written by the same author, njw0rm features all of the same data-stealing capabilities of its forerunner, except this one can detect whether a removable storage device such as a USB drive is connected to the machine and it attempts to copy itself to the device in the hope of spreading to more machines.
Njw0rm also has an appetite for passwords and will steal them from Chrome browser settings, as well as FTP passwords stored in an XML file on the machine, and account credentials for the No-IP dynamic DNS service.

Submission + - NSA-resistant Android app 'burns' sensitive messages (computerworld.com.au)

angry tapir writes: Silent Circle, a company specializing in encrypted communications, has released a messaging application for Android devices that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys.

Submission + - Japanese Ice Wall to Stop Radio Active Leaks. (denverpost.com)

minstrelmike writes: Japan is planning to install a 2 mile ice wall around the Fukushima nuclear plant. The technology has not been used to that extent nor for more than a couple years. "Plus the frozen wall won't be ready for another two years, which means contaminated water would continue to leak out." But at least they have a $470 million dollar plan ready to present to the Olympic committee choosing Madrid, Istanbul or Tokyo.
