Security

TrueCrypt To Go Through a Crowdfunded, Public Security Audit 104

An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that if you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that is exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)
Virtualization

Ask Slashdot: Tools For Managing Multiple Serial Console Servers? 104

An anonymous reader writes "I've recently been charged with updating our existing serial console access tools. We have 12 racks of servers each with a console server in it (OpenGear, ACS, and a few others). Several of these systems host virtual machines which are also configured to have 'serial' management (KVM, virt serial). In total it comes to about 600 'systems.' All the systems also have remote power management (various vendors). Right now our team has a set of home grown scripts and a cobbled together database for keeping this all together. Today any admin can simply ssh into the master, run 'manage hostname console' and automatically get a serial console or run 'manage hostname power off' to cut the power to a system. I'd rather use some tools with more of a community than just the 4 of us. What tool(s) should I move my group onto for remote serial/power management?"
Medicine

Why Johnny Can't Speak: a Cost of Paywalled Research 189

theodp writes "That there's no easy way for her to get timely, affordable access to taxpayer-funded research that could help her patients leaves speech-language pathologist Cortney Grove, well, speechless. 'Cortney's frustration,' writes the EFF's Adi Kamdar, 'is not uncommon. Much of the research that guides health-related progress is funded by taxpayer dollars through government grants, and yet those who need this information most, practitioners and their patients, cannot afford to access it.' She says, 'In my field we are charged with using scientific evidence to make clinical decisions. Unfortunately, the most pertinent evidence is locked up in the world of academic publishing and I cannot access it without paying upwards of $40 an article. My current research project is not centered around one article, but rather a body of work on a given topic. Accessing all the articles I would like to read will cost me nearly a thousand dollars. So, the sad state of affairs is that I may have to wait 7-10 years for someone to read the information, integrate it with their clinical opinions (biases, agendas, and financial motivations) and publish it in a format I can buy on Amazon. By then, how will my clinical knowledge and skills have changed? How will my clients be served in the meantime? What would I do with the first-hand information that I will not be able to do with the processed, commercialized product that emerges from it in a decade?'"
IBM

Justice Department Slaps IBM Over H-1B Hiring Practices 195

Dawn Kawamoto writes "IBM reached a settlement with the Justice Department over allegations it posted discriminatory online job openings, allegedly stating a preference for H-1B and foreign student visa holders for its software and apps developer positions. The job openings were for IT positions that would eventually require the applicant to relocate overseas. IBM agreed to pay $44,400 in civil penalties to the U.S., as well as take certain actions in the way it hires within the U.S. The settlement, announced Friday, comes at a time when tech companies are calling for the U.S. to allow more H-1B workers into the country."
Privacy

German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function 303

dryriver writes "Translated from Der Spiegel: Hamburg Data-Protection Specialist Johannes Caspar warns against using iPhone 5S's new Fingerprint ID function. 'The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone. This is especially true if a biometric ID, like your fingerprint, is stored in a data file on the electronic device you are using.' Caspar finds Apple's argument that 'your fingerprint is only stored on the iPhone, never transmitted over the network' weak and misleading. 'The average iPhone user is not capable of checking, on a technical level, what happens to his or her fingerprint once it is on the iPhone. He or she cannot tell with any certainty or ease what kind of private data applications downloaded onto the iPhone can or cannot access. The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.' Caspar adds: 'As a matter of principle, one should never hand over any biometric data when it isn't strictly needed. Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"
The Internet

Verizon's Plan To Turn the Web Into Pay-Per-View 332

snydeq writes "InfoWorld's Bill Snyder writes of Verizon's diabolical plan to charge websites for carrying their packets — a strategy that, if it wins out, will be the end of the Internet as we know it. 'Think of all the things that tick you off about cable TV. Along with brainless programming and crummy customer service, the very worst aspect of it is forced bundling. ... Now, imagine that the Internet worked that way. You'd hate it, of course. But that's the direction that Verizon, with the support of many wired and wireless carriers, would like to push the Web. That's not hypothetical. The country's No. 1 carrier is fighting in court to end the Federal Communications Commission's policy of Net neutrality, a move that would open the gates to a whole new — and wholly bad — economic model on the Web.'"
Advertising

IAB Urges People To Stop "Mozilla From Hijacking the Internet" 499

hypnosec writes "In its latest attempt to stop Mozilla from going ahead with its proposed default blocking of third-party cookies in Firefox, the Interactive Advertising Bureau took out a full page ad urging users to stop 'Mozilla from hijacking the Internet.' Through the advert, IAB has claimed that the Firefox maker wants to be the 'judge and jury' when it comes to business models on the web. According to the IAB, Mozilla wants to eliminate the cookies which enable online advertisers to reach the right audience. IAB notes that 'If cookies are eliminated, it is clear to us that consumers will get a less relevant and diverse Internet experience.'"

New JavaScript-Based Timing Attack Steals All Browser Source Data 167

Trailrunner7 writes "Security researchers have been warning about the weaknesses and issues with JavaScript and iframes for years now, but the problem goes far deeper than even many of them thought. A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing attacks and other tactics to read any information he wants from a targeted user's browser and sites the victim is logged into. The attack works on all of the major browsers and researchers say there's no simple fix to prevent it."
Security

Luxury Car Hacker To Speak At USENIX Despite Injunction 70

alphadogg writes "The lead author of a controversial research paper about flaws in luxury car lock systems will deliver a presentation at this month's USENIX Security Symposium even though a UK court ruling (inspired by a Volkswagen complaint) has forced the paper to be pulled from the event's proceedings. USENIX has announced that 'in keeping with its commitment to academic freedom and open access to research,' researcher Roel Verdult will speak at the Aug. 14-16 conference, to be held in Washington, D.C. Verdult and 2 co-authors were recently prohibited by the High Court of Justice in the U.K. from publishing certain portions of their paper, 'Dismantling Megamos Crypto: Wireless Lockpicking a Vehicle Immobilizer.' Among the most sensitive information: Codes for cracking the car security system in Porsches, Audis, etc."
Government

Congress Voting On Amendment to Defund NSA Domestic Spying Tomorrow 276

New submitter Jah-Wren Ryel writes "It's been just over a month since the NSA's dragnet surveillance program was leaked to the public. Tomorrow, Congress is voting on an amendment that would block funding for NSA programs that collect the call records of innocent Americans. A win tomorrow may start a chain reaction — but it won't happen unless we speak up. We have one day to convince Congress to act." The EFF is urging U.S. citizens to call their representatives, noting that there is no time for email to be effective (find your representative). You can read the amendment on the EFF site, quoting the EFF: "Reps. Justin Amash, John Conyers, Jr., Thomas Massie, Mick Mulvaney, and Jared Polis are proposing an amendment that would curtail funding for the implementation of orders under Section 215 of the PATRIOT Act unless the order is explicitly limited in scope. ... Even as the Amash/Conyers Amendment is gaining momentum, some are rallying around a decoy amendment that would do nothing to rein in domestic surveillance. That amendment, championed by Rep. Nugent, would not alter in any way the government's use of Section 215 to obtain bulk communications records on millions of Americans. EFF is urging Representatives to oppose the Nugent Amendment."
Books

Poll Shows That 75% Prefer Printed Books To eBooks 312

Attila Dimedici writes "In a new Rasmussen poll, 75% of American adults would rather read a book in traditional print format than in an ebook format. Only 15% prefer the ebook format (the other 10% are undecided). The latter is a drop from the 23% that preferred the ebook format in Rasmussen's 2011 poll. In addition, more say they buy their books from a brick and mortar store than say they buy books online (35% from brick and mortar, 27% online). I suspect that the 27% who buy online buy more books, but these results are interesting and suggest that the brick and mortar bookstore is not necessarily doomed."
