
Submission + - Bitcoin exchange Bitstamp hacked for $5 million USD (bcoinnews.com)

An anonymous reader writes: Bitcoin exchange Bitstamp is one of the oldest exchanges in operation, providing a stable and reliable platform since 2011. The exchange revealed they were hacked for 19,000 Bitcoin that was worth around $5 million USD. Bitstamp is closed while they migrate to a new platform and investigate the breach in security.

Submission + - DHS is Struggling to Fulfill its Cyber Mission (securityledger.com)

chicksdaddy writes: It's always interesting to listen to what politicians say on their way out of office — after the pressure to get re-elected and stay "on message" has been lifted. Eisenhower's historic farewell address in 1961 warned Americans about the influence of the Military-Industrial Complex. (http://en.wikipedia.org/wiki/Military%E2%80%93industrial_complex). Twenty years later, Jimmy Carter warned of the distorting influence of "single-issue groups and special interest organizations" on the political process. (http://www.jimmycarterlibrary.gov/documents/speeches/farewell.phtml)
And, this week, outgoing Sen. Tom Coburn (R-OK) used his final days in office to issue a blistering report on the Department of Homeland Security. Coburn argued that DHS was failing on each of its five, critical missions, among them: cyber security. (https://securityledger.com/2015/01/senator-warns-of-dhs-struggle-with-cyber-security/)

The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (http://www.coburn.senate.gov/public/index.cfm?a=Files.Serve&File_id=23ce3547-adf7-4798-b9d8-56ea2a486e95) was released on Saturday. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.”

Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber incidents provide “significant value” or are worth the expense. DHS programs are still heavily weighted towards software vulnerability mitigation, Coburn says, an activity that “will not protect the nation from the most sophisticated attacks and cybersecurity threats.”

Submission + - Ask Slashdot: Cryptographers, Crowdfunding, and Cluelessness! 6

David Hook writes: About a month ago the producers of the Bouncy Castle Cryptography APIs, the Legion of the Bouncy Castle, became a fully fledged Australian Charity. There were a few motivations for this: it has allowed us to establish a legal entity that formally owns the code base, it has provided us with a more solid framework in which to manage the project (which is now in the process of heading past 500k lines of C# and Java, so it's getting a bit unwieldy!), and it has given us the ability to legally raise money to support work on the APIs. Armed with our new found legal permission, we decided we'd have a go at raising some funds to have a couple of things FIPS certified. It's proving to be a bit of an adventure!

While a lot of people have asked for FIPS over the years, we do realise, in the light of what's happened recently, thinking about FIPS might seem a bit odd. That said, NIST have announced they're trying to reform, and the reality is that FIPS or something like it will be with us for some time to come. While we'd like to say we hope the reform effort goes well, as organisations like NIST, if able to do their jobs well, are really really useful, we also figure that having Java and C# APIs which are not only FIPS certified but publicly verifiable would be a step in the right direction all round.

There are other issues we are trying to address with this as well. At the moment FIPS still represents a real barrier to organisations and developers trying to build applications which are to talk to Government and other organisations that require FIPS. There has been some success at crossing this barrier with OpenSSL's efforts but it is clear that a few more offerings in the area are really needed. Most of the users of Bouncy Castle would understand that even if FIPS is not required today, some application they're working on in the future may well require FIPS, or a certification related to it. On top of that, a lot of people have invested a lot of time in learning the BC APIs, and it would seem to be to everyone's benefit that they'd be able to apply the same knowledge in a FIPS environment as well. From our point of view going through the process might improve our general QA and further ensure that our implementations really are spot on. Of course, we're still going to maintain our regular distributions, so for anyone using the APIs it'll be their decision to be FIPS compliant or not. We are not really interested in telling people what they can and cannot do — we are more an "opportunity creation" type of group.

So just over a week ago, coinciding with our 50th Java release, Charity registration in hand, we decided to launch our fundraiser. Since then we've had 7943 downloads of the various 1.50 artifacts from our main server, and an unknown number from the central Maven repository and our mirror, and we've raised $2,642.34 AUD and 0.004 Bitcoins. I won't mention everything else that's been downloaded as well, but I'm sure you get the idea. While I'd like to thank the people that have donated, it's clearly a bit of a slow start. Obviously we are a bit new at this, and clearly much better programmers than fund raisers!

So, I guess, my scoop is that we are doing a fundraiser, and despite our abilities in the API department and the widespread use of the APIs, we're clearly not doing it very well. It appears almost no one is aware of it! Anyone interested in donating can find the details on the Bouncy Castle website but I would also like to use this opportunity to get some feedback on the whole idea, and what concerns people might have about the changes to how we are now doing things at Bouncy Castle. Some people have suggested that it would be more appropriate for some larger IT companies to be donating, and while we'd certainly appreciate a grand gesture, for us having a broad base of donors is also an important way of maintaining our independence. Having said that, any suggestions about how we might proceed more effectively will also be most welcome and I will follow this track so I can respond to any questions people might have.

Submission + - Google starts sending adverts as emails to Gmail users (geek.com) 1

An anonymous reader writes: Back in May, Google rolled out an update to Gmail that it marketed as “a new inbox.” What it did was to split the email you receive into categories and then display them in different tabs. The Gmail redesign wasn’t just to help users, though. It turns out Google has decided to introduce a new form of advertising because of it, one that you could view as being much more intrusive than before.

Some users have started noticing that in the Promotions tab new emails are appearing that they haven’t signed up to receive. These emails are marked as “Ad” under the sender name. A little further investigation reveals they are actually Google adverts packaged as emails.

Submission + - Ask Slashdot: what do you ACTUALLY do to protect your online privacy? 2

An anonymous reader writes: After all the media coverage about snooping in the last weeks and after I found out that employees at my local ISP are actually selling the surfing habits of customers, it is time for me to think about changing my setup.

What is the best way to protect your privacy for a PC and a smartphone from Google, ad networks and the ISP? What tools are you using? What is the "best"? Is someone here actually running such a setup? What would the costs amount to? What would be involved?

Please be specific. I could not really find anything like "the n00b guide to online privacy"...

Submission + - NSA, Obama Sued Over Domestic Surveillance Program 4

Trailrunner7 writes: A group of people, including a former federal prosecutor and the parents of a Navy SEAL sniper killed in action, have filed a class-action lawsuit against the National Security Agency, Verizon and President Obama over the NSA’s collection of cell phone data. The suit says the order that enabled the surveillance program is “the broadest surveillance order to ever have been issued” and enables indiscriminate collection of data.

The suit, filed this week in federal court in Washington, D.C., also names Roger Vinson, the judge who signed the Verizon order, as a defendant, along with Attorney General Eric Holder and NSA Director Keith Alexander. The plaintiffs say that the NSA’s surveillance program violates the Constitution and unfairly and unnecessarily infringes on citizens’ privacy. The classified order directs Verizon to hand over all of the so-called metadata for calls on its network to the NSA. The metadata includes the originating and terminating phone numbers along with details of the call, but not the contents of the call.

“The order, issued and signed by Judge Roger Vinson, violates the U.S. Constitution and also federal laws, including, but not limited to, the outrageous breach of privacy, freedom of speech, freedom of association, and the due process rights of American citizens.”

Submission + - Judge Orders Porn Suspect to Decrypt His Hard Drives 2

An anonymous reader writes: After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage system, or the passwords needed to decrypt forensic copies of those storage devices. Jeffrey Feldman, a software developer at Rockwell Automation, has still not been charged with any crime, and the prosecution initially couldn't prove conclusively that the encrypted hard drives contained child pornography or were actually Feldman's, which led U.S. Magistrate Judge William Callahan to decide that forcing him to decrypt them would violate his Fifth Amendment right against self-incrimination.

Submission + - Users flock to Japan student's firewall-busting thesis project (networkworld.com)

alphadogg writes: Tsukuba University doctoral student Daiyuu Nobori's online thesis project, VPN Gate, is designed to help individuals in countries that restrict Internet use to beat government firewalls. The service encourages members of the public to set up VPN servers and offer free connections to individual users, aiming to make the technology more accessible. "Today's VPN software is very complex. They are not easy to use. Some VPN services around the world are expensive for people in other parts of the world," Nobori said in an interview with IDG News Service. His service maintains a public, real-time list of freely available VPN servers for users to choose from. It also offers downloadable server software to run the VPN, and a client that greatly simplifies the process of finding and connecting to one of the free servers, for the less technically inclined.

Submission + - Selective Extraction of Dioxins (thermoscientific.com)

ChromSolutions writes: "More than a year ago, a dioxin health alert was issued by the EU when German officials said animal feed tainted with highly poisonous dioxin had been fed to hens and pigs, contaminating eggs, poultry meat and pork at the affected farms. According to the alert, approximately 136,000 metric tonnes of feed for poultry and swine containing industrial fat was fed to livestock across Germany and the fat contained industrial dioxins. As a result, a draft EU dioxin regulation was issued (and endorsed by EU member states) containing four measures to be implemented throughout the EU by mid-2012 to reduce the risk of contamination in the food chain. These measures are aimed at avoiding food recalls from the market and financial costs to consumers and industries."

Submission + - Facebook on a slide based on User Data? (cbsnews.com)

Virtucon writes: A recent report from analyst firm comScore said that unique U.S. visitors to Facebook dropped slightly in May compared to April and March. But an analysis of additional comScore data suggests that the slowdown could be more significant and longer lasting. Falling traffic could be a concern to investors, who justify Facebook's high market value by pointing to its growth potential.

Submission + - Hip hop artists developing open source beat making software (opensource.com)

caseyb89 writes: "Beat making software is incredibly expensive, and the high price limits usage to those who can afford it. Two professors at UNC have a dream of allowing all artists access to beat making software, regardless of income level. They are rallying the community on a project to create open source beat making software. The two professors double as DJs and hip hop artists, and they recently spoke at Rio+Social."

Submission + - Injected proteins protect mice from lethal radiation dose (nature.com)

ananyo writes: Two anti-clotting compounds already approved for use in humans may have a surprising role in treating radiation sickness. Last year's nuclear accident in Fukushima, Japan, renewed anxiety over the lack of treatments for radiation poisoning. It was long thought that the effects of exposure to high doses of radiation were instantaneous and irreversible, leading to destruction of the gut and loss of bone marrow cells, which damages blood-cell production and the immune system.
The two compounds are thrombomodulin (Solulin/Recomodulin), currently approved in Japan to prevent thrombosis, and activated protein C (Xigris). Treating mice with either drug post-exposure led to an eightfold increase in key bone marrow cells needed for the production of white blood cells, and improved the survival rates of mice receiving lethal radiation doses by 40–80% (abstract).
And yes, the lead author's name really is Geiger.


Submission + - Amnesty International ramping up web engagement (silicon.com)

An anonymous reader writes: Amnesty International is making extensive use of the web to spread its human rights campaigning message around the world and encourage greater engagement with its supporters. Check out this story to find out how