
Ask Slashdot: After TrueCrypt

Submitted by TechForensics
TechForensics (944258) writes "(Resubmitted because it was not identified as "Ask Slashdot")

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the national security agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers that the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm, the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?"


Open-Source Blu-Ray Library Now Supports BD-J Java

Submitted by Anonymous Coward
An anonymous reader writes "Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player."

Explicit Photos Were Often Shared at N.S.A

Submitted by ememisya
ememisya (1548255) writes "“In the course of their daily work they stumble across something that is completely unrelated to their work, for example an intimate nude photo of someone in a sexually compromising situation but they’re extremely attractive,” he said. “So what do they do? They turn around in their chair and they show a co-worker. And their co-worker says: ‘Oh, hey, that’s great. Send that to Bill down the way.’ ”

The article also states Britain is often used as test grounds for privacy violation.

"... because in Britain the respect for individual privacy, he said, 'is not strongly encoded in law or policy.'

Because it has fewer restrictions, British intelligence platforms 'are used as a testing ground'""


NSA Admits Retaining Snowden Emails, no FOIA for US press

Submitted by AHuxley
AHuxley (892839) writes "The http://thedesk.matthewkeys.net... reports on a FOIA request covering "... all e-mails sent by Edward Snowden"
Remember how Snowden should have raised his concerns with his superiors within the NSA?
Remember how no such communication could be found?
Remember how one such communication was released but did not seem to be raising direct concerns?
Well some record of e-mail communications seems to exist but they are exempt from public disclosure under the federal Freedom of Information Act."


In New Zealand The Right To Silence And Presumption Of Innocence Are In Danger

Submitted by cold fjord
cold fjord (826450) writes "The New Zealand Herald reports, "Fundamental pillars of the criminal justice system may be eroded whichever party wins the election this year, as both National's and Labour's proposals would look into changing the right to silence or the presumption of innocence in rape cases. Both major parties claim the current system is not upholding justice for victims, and are looking at changes that would effectively make it easier for prosecutors to obtain convictions. National wants to explore allowing a judge or jury to see an accused's refusal to give evidence in a negative light, while Labour wants to shift the burden of proof of consent from the alleged victim to the accused.""

Ask Slashdot: How can I prepare for the Theft of my Android Phone?

Submitted by Adam Jorgensen
Adam Jorgensen (1302989) writes "Last week my 4-week-old Moto G phone was stolen while getting onto the train at Salt River in Cape Town, South Africa. That in itself is no big deal. Cellphone theft is a huge problem here in South Africa and I've had at least two previous cellphones stolen. The big deal this time, for me at least, was that this was the first time I've lost an Android phone to theft.

When I actually sat down and thought about it, losing a fully configured Android phone is actually a big deal as it provides ready access to all kinds of accounts, including one's Google account. This could potentially allow the thief to engage in all kinds of malicious behaviour, some of which could have major implications beyond the scope of the theft.

Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country.

Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling.

My question is this: Are there any serious solutions out there for Android that secure against theft?

By serious I mean solutions that go beyond the laughably easy to defeat "Find My Phone" and "Remote Wipe" options provided at present. Presently I'm thinking along the lines of:
  • Full encryption of phone contents
  • Some kind of "Travel Safe" mode that would lock the phone down and trigger a full wipe if not unlocked correctly (including wiping the phone on next boot if not unlocked before being switched off/running out of battery).

So, any ideas?"

Utah Legislature moves to shut down NSA Datacenter

Submitted by Tora
Tora (65882) writes "Utah Legislature is discussing a bill which would prohibit the state from supporting any entity which violates constitutional rights, such as the fourth amendment. Because of this, the water required to run the NSA datacenter would be prohibited until the NSA complied with constitutional laws for citizens."