
+ - Twitter moves non-US accounts to Ireland away from the NSA-> 1

Submitted by Mark Wilson
Mark Wilson writes: Twitter has updated its privacy policy, creating a two-lane service that treats US and non-US users differently. If you live in the US, your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope.

What's the significance of this? Twitter Inc is governed by US law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-US operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.

Link to Original Source

+ - The Hidden FM Radio Inside Your Pocket->

Submitted by mr crypto
mr crypto writes: Data providers would probably prefer you not know that most smart phones contain an FM chip that lets you listen to broadcasts for free: "But the FM chip is not activated on two-thirds of devices. That's because mobile makers have the FM capability switched off." The National Association of Broadcasters, National Public Radio, and American Public Media have launched a lobbying campaign to get those radios switched on.
Link to Original Source

+ - LightEater malware attack places millions of unpatched BIOSes at risk->

Submitted by Mark Wilson
Mark Wilson writes: Two minutes is all it takes to completely destroy a computer. In a presentation entitled "How many million BIOSes would you like to infect?" at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments.

The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.

Link to Original Source

+ - UNDER U.S. PRESSURE, PAYPAL NUKES MEGA FOR ENCRYPTING FILES->

Submitted by seoras
seoras writes: After coming under intense pressure PayPal has closed the account of cloud-storage service Mega. According to the company, SOPA proponent Senator Patrick Leahy personally pressured Visa and Mastercard who in turn called on PayPal to terminate the account. Bizarrely, Mega's encryption is being cited as a key problem.... ... What makes the situation more unusual is that PayPal reportedly apologized to Mega for its withdrawal while acknowledging that company’s business is indeed legitimate.
However, PayPal also advised that Mega’s unique selling point – its end-to-end-encryption – was a key concern for the processor."

Link to Original Source

+ - NSA Spying Wins Another Rubber Stamp->

Submitted by schwit1
schwit1 writes: The FISA court has again renewed an order allowing the NSA to continue its illegal bulk collection of Americans' phone records, at least until June 1 when it is set to expire in Congress. President Obama pledged to end the controversial program more than a year ago.

The extension is the fifth of its kind since Obama said he would effectively end the Snowden-exposed program as it currently exists during a major policy speech in January 2014. Obama and senior administration officials have repeatedly insisted that they will not act alone to end the program without Congress.

After all the other things he's done against or without congressional approval and he balks at this one?

Link to Original Source

+ - Taping K-Cup Lid to Keurig hacks its DRM permanently->

Submitted by Anonymous Coward
An anonymous reader writes: "If you haven’t actually used a Keurig coffee machine, then you’ve probably at least seen one. They are supposed to make brewing coffee simple. You just take one of the Keurig “k-cups” and place it into the machine. The machine will punch a hole in the foil top and run the water through the k-cup. Your flavored beverage of choice comes out the other side. It’s a simple idea, run by a more complex machine. A machine that is complicated enough to have a security vulnerability.

Unfortunately newer versions of these machines have a sort of DRM, or lockout chip. In order to prevent unofficial k-cups from being manufactured and sold, the Keurig machines have a way to detect which cups are legitimate and which are counterfeit. It appears as though the machine identifies the lid specifically as being genuine.

It turns out this “lockout” technology is very simple to defeat. All one needs to do is cut the lid off of a legitimate Keurig k-cup and place it on top of your counterfeit cup. The system will read the real lid and allow you to brew to your heart’s content. A more convenient solution involves cutting off just the small portion of the lid that contains the Keurig logo. This then gets taped directly to the Keurig machine itself. This way you can still easily replace the cups without having to fuss with the extra lid every time."

It’s a simple hack, but it’s interesting to see that even coffee machines are being sold with limiting technology these days. This is the kind of stuff we warned people about five or ten years ago. Yet here we are, with a coffee machine made more useable through its security vulnerability.

Link to Original Source

+ - *.RU based Photo Sharing is also hosting Pedophiles?

Submitted by TchrBabe
TchrBabe writes: Even "safe" pictures of your children online aren't safe anymore. Who would have thought this?!? (insert sarcasm tag here).

According to this article in the Sunday Express, pedophiles are gleaning family and "normal" photos of children from social media postings and sharing them with sexual commentary and discussion.

Once again, social media is only as safe as the level of common sense and privacy that the individuals use (which often isn't much).

+ - "TrueCrypt must not die" - TrueCrypt continuation effort underway

Submitted by Runefox
Runefox writes: In the wake of the confusing and abrupt apparent demise of TrueCrypt, many have been left without a continuing, open source means of cross-platform encryption. TrueCrypt.ch, a Switzerland-hosted webpage, sprang up recently in a bid to reorganize and continue development of recently-discontinued TrueCrypt. While no development efforts have yet begun, according to their current development status:

Currently the news is still in flux, and we will support any efforts in reviving TrueCrypt. If other Initiatives arise we will try to support them. At the moment we want to make sure everyone who wants can continue to use TrueCrypt.

They have already gathered the TrueCrypt source code into GitHub and made available for download the latest working versions of TrueCrypt, with the disclaimer that they are currently unmaintained. According to the website, the choice to use Swiss web hosting was made because "If there have been legal problems with the US, the independent hosting in Switzerland will guarantee no interruption due to legal threats."

+ - How Silk Road Bounced Back from Its Multimillion-Dollar Hack ->

Submitted by Daniel_Stuckey
Daniel_Stuckey writes: “I am sweating as I write this I must utter words all too familiar to this scarred community: We have been hacked.” That is what Defcon, the current administrator of the infamous black market site Silk Road (the 2.0 version), wrote back in February on the site’s forums. In total, an estimated $2.7 million worth of bitcoin belonging to users and staff of the site was stolen. Some in the Silk Road community suspected that the hack might have involved staff members of the site itself, echoing scams on other sites. Project Black Flag closed down after its owner scampered with all of their customers' bitcoin, and after that users of Sheep Marketplace had their funds stolen, in an incident that has never been conclusively proven as an inside job or otherwise. Many site owners would probably have given up at this point, and perhaps attempted to join another site, or start up a new one under a different alias. Why would you bother to pay back millions of dollars when you could just disappear into the digital ether? But Silk Road appears to be trying to rebuild, and to repay users' lost bitcoins.
Link to Original Source

+ - Parents' Privacy Concerns Kill Bill Gates' $100M inBloom Initiative

Submitted by theodp
theodp writes: As things turn out, All Your Child's Data Are Not Belong To inBloom, the Bill Gates-bankrolled and News Corp. subsidiary-implemented data initiative that sought to personalize learning. GeekWire's Tricia Duryee reports that inBloom, which was backed by $100 million from The Bill and Melinda Gates Foundation and others, is closing up shop after parents worried that its database technology was violating their children's privacy. According to NY Times coverage (reg.), the inBloom database tracked 400 different data fields about students — including family relationships ("foster parent" or "father's significant other") and reasons for enrollment changes ("withdrawn due to illness" or "leaving school as a victim of a serious violent incident") — that parents objected to, prompting some schools to recoil from the venture. In a statement, inBloom CEO Iwan Streichenberger said that personalized learning was still an emerging concept, and complained that the venture had been "the subject of mischaracterizations and a lightning rod for misdirected criticism." He added, "It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse, even though inBloom has world-class security and privacy protections that have raised the bar for school districts and the industry as a whole [although it was still apparently vulnerable to Heartbleed]." As far as Gates goes, the world's richest man has a couple of irons left in the data-driven personalized learning fire via his ties to Code.org, which seeks 7 years of participating K-12 students' data, and Khan Academy, which recently attracted scrutiny over its data-privacy policies. Khan Academy — which counted the managing partner of Gates' bgC3 think-tank and Google CEO Eric Schmidt as Board members in a recent tax filing — just struck an exclusive partnership with CollegeBoard to prepare students for the redesigned SAT.

+ - The Ethical Dilemmas Today's Programmers Face

Submitted by snydeq
snydeq writes: As software takes over more of our lives, the ethical ramifications of decisions made by programmers only become greater. Unfortunately, the tech world has always been long on power and short on thinking about the long-reaching effects of this power. More troubling: While ethics courses have become a staple of physical-world engineering degrees, they remain a begrudging anomaly in computer science pedagogy. Now that our code is in refrigerators, thermostats, smoke alarms, and more, the wrong moves, a lack of foresight, or downright dubious decision-making can haunt humanity everywhere it goes. Peter Wayner offers a look at just a few of the ethical quandaries confronting developers every day. 'Consider this less of a guidebook for making your decisions and more of a starting point for the kind of ethical contemplation we should be doing as a daily part of our jobs.'

+ - Problems with Windows XP caused by Microsoft.

Submitted by Futurepower(R)
Futurepower(R) writes: We are seeing 4 kinds of problems with Windows XP today at 2 remote locations:

1) One kind of problem is similar to the one in this April 7, 2014 story about computers in Australia: Pop-ups irritate Windows XP's remaining users. Microsoft Security Essentials on computers in the United States gives pop-up messages about the MSE service being stopped.

2) Computers are requiring far longer to start, perhaps 12 to 15 minutes. Then the MSE pop-up appears.

3) Microsoft Security Essentials now calls into question whether XP is genuine. These are all computers that have run without issues for several years. The customer bought licenses when Windows XP was first released.

4) We have seen problems with the Windows XP operating system detecting a key stuck down when no keys were pressed on the keyboard. That is a software problem, not a keyboard hardware problem. It causes the system to be un-responsive because the key being detected is not one actually pressed, but is actually a key combination. Again, that is happening on computers that have been trouble-free for years. That problem began happening after a Windows update.

Microsoft said it would support MSE on Windows XP for another year. See the Microsoft article, Microsoft antimalware support for Windows XP. Apparently that support is not happening in the normal way.

+ - Turkey's Attempt to Block Tor Failing Due to Multiple Mirrors->

Submitted by DavidGilbert99
DavidGilbert99 writes: Turkey's prime minister Recep Tayyip Erdogan has already blocked Twitter and YouTube. Now, after Turkish people flocked to anonymous browser Tor, he is trying to block that too. However, the Tor project has multiple mirrors, including one operated by the Electronic Frontier Foundation, which are still accessible in Turkey, making the block on the official site a bit pointless.
Link to Original Source

+ - Are the backdoors to flash memory reserve pools? 1

Submitted by hormiga
hormiga writes: Because flash memory has a relatively limited number of program/erase cycles before failure, wear leveling mechanisms are often employed. These mechanisms sometimes use a pool of reserve blocks, managed by the controller, invisible to the user. There seem to be two consequences of this: (1) erasure is problematic, because the supposedly erased data might be hidden in the reserve pool, and (2) it might be possible to develop a "flash unerase" to recover some portions of accidentally deleted files. The implications for forensics, security, and simple convenience appear obvious.

This line of thinking was prompted by the unintended erasure of a Verbatim USB memory stick, occasioned by a laptop hardware accident. The drive was simply zeroed by the accident, but I suspect from the quickness of the incident that there was not time for the laptop to write zeroes to the memory stick: there may have been activation of a special command channel to the controller. I would like to recover the contents of that device.

I would like to develop a library and utility for the recovery of hidden data from the reserve pool, and for the secure erasure of files and interstitial gaps in the file systems of flash drives, especially for devices such as USB memory sticks. However, I'm not having much success discovering the interfaces available to software. Are there special backdoors or handshakes to access the reserve pools or other features in the flash controllers? Where is this information available?

Naturally, the results and code will be published as FLOSS.

+ - ATM malware, controlled by a text message, spews cash-> 1

Submitted by netbuzz
netbuzz writes: Cybercriminals are able to get cash from a certain type of ATM by sending a text message. The tactic is being reported by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico. The malware is engineered to plunder a certain type of standalone ATM, which Symantec has not identified. The company obtained one of the ATMs to carry out a test of how Ploutus works, but it doesn't show a brand name.
Link to Original Source
