
XKEYSCORE: NSA's Google for the World's Private Communications

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."

also

"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”"

The Courts

8 Yelp Reviewers Hit With $1.2 Million Defamation Suits 205

New submitter goodboi writes: A Silicon Valley building contractor is suing 8 of its critics over the reviews they posted on Yelp. The negative reviews were filtered out by Yelp's secretive ranking system, but in court documents filed earlier this month, Link Corporation claims that the bad publicity cost over $165,000 in lost business.
Programming

To Learn (Or Not Learn) JQuery 125

Nerval's Lobster writes: jQuery isn't without its controversies, and some developers distrust its use in larger projects because (some say) it ultimately leads to breakage-prone code that's harder to maintain. But given its prevalence, jQuery is probably essential to know, but what are the most important elements to learn in order to become adept-enough at it? Chaining commands, understanding when the document is finished loading (and how to write code that safely accesses elements only after said loading), and learning CSS selectors are all key. The harder part is picking up jQuery's quirks and tricks, of which there are many... but is it worth studying to the point where you know every possible eccentricity?
Google

SCOTUS Denies Google's Request To Appeal Oracle API Case 180

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API 'a utilitarian and functional set of symbols' that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself."

Comment: fully half baked (Score 1) 171

the idea might be a bit half-baked

imho, it's not a bit half-baked, it's all the way...*this idea is awful*

my first thought was, in order to detect on females you have to have intercourse first, which kind of defeats the purpose...also, checking the color (i can just see the antics w/ attempting to use a cell phone light...) is also going to be more awkward than any of the alternatives

these ideas never leave the concept stage

if something like a condom can indicate this, just make a test swab or something...it's already awkward having to stop and turn on the light to check the color...

Comment: terrible OS (Score 0, Troll) 289

But Microsoft is the one who dictates what technology Samsung must play nice with...

The difficulty is first with Microsoft, and Samsung's 'fix' wouldn't be necessary without it.

This isn't the first time an OEM has compromised the security of its users.

Blame has to go to Microsoft *first*...it's illogical to blame the cart for something the horse chose to do.

AI

NIST Workshop Explores Automated Tattoo Identification 71

chicksdaddy writes: Security Ledger reports on a recent NIST workshop dedicated to improving the art of automated tattoo identification. It used to be that the only place you'd commonly see tattoos was at your local VA hospital. No more. In the last 30 years, body art has gone mainstream. One in five adults in the U.S. has one. For law enforcement and forensics experts, this is a good thing; tattoos are a great way to identify both perpetrators and their victims. Given the number and variety of tattoos, though, how to describe and catalog them? Clearly this is an area where technology can help, but it's also one of those "fuzzy" problems that challenges the limits of artificial intelligence.

The National Institute of Standards and Technology (NIST) Tattoo Recognition Technology Challenge Workshop challenged industry and academia to work towards developing an automated image-based tattoo matching technology. Participating organizations in the challenge used an FBI-supplied dataset of thousands of images of tattoos from government databases. They were challenged to develop methods for identifying a tattoo in an image; identifying visually similar or related tattoos from different subjects; identifying the same tattoo image from the same subject over time; identifying a small region of interest that is contained in a larger image; and identifying a tattoo from a visually similar image like a sketch or scanned print.
Earth

3D Printing Might Save the Rhinoceros 163

GordonShure.com writes: San Francisco based biotech startup Pembient have released details of their 3D printing led method to derail the market for Rhinoceros horns. Presently the bulk of demand originates from China, where said horns — gathered in the wild by poachers who usually kill the rhinos — are revered for supposed medicinal qualities. The new firm intends to mix keratin with Rhino DNA, then machine the combination with a 3D printer in a way that their counterfeit horns are difficult to detect by customers and traffickers alike.

The company already mulls expanding its production principle to other, lucrative wild animal trades such as the claws of tigers and lions. Pembient is however a young company — for all their ingenuity, will their ambitions to take on such a colossal black market be realized?

Comment: defining "computer security" for your clients (Score 1) 53

Mr. Krebs, thank you for the time.

My question is about defining "computer security" in relation to public perceptions vs technical facts.

It was reported in 2006 that the NSA was keeping massive databases of Americans' phone calls and metadata: http://yahoo.usatoday.com/news...

Obviously, Snowden's revelations were much more heavily reported, and contained more info, but the public was shocked at information that was already public.

When it comes to cyber security customers, how do you explain and contextualize what service you are providing given the vast differences in perception of "security"?

Comment: Re:They are hiding the truth... (Score 1) 81

Heck, we aren't talking about some banana republic here. Or are we?

I see you're not up to date with current German politics. We are.

Merkel doesn't give a flying fuck because she really doesn't give a fuck about anything. She was trained very well how to get into and stay in power, and that's the only thing she's doing. Every move of her makes sense if you analyze it from that perspective. This is no different - big trouble with the USA is not a career-improving path, but the people of Germany are too forgiving and will let her and her party get away with all this shit.

We want to create puppets that pull their own strings. - Ann Marion
