
Submission + - Not just NSA, FBI too illegally handled Americans' data

mi writes: In his final congressional testimony before he was fired by President Trump this month, then-FBI Director James Comey unequivocally told lawmakers his agency used sensitive espionage data gathered about Americans without a warrant only when it was “lawfully collected, carefully overseen and checked.”

Once-top secret U.S. intelligence community memos reviewed by Circa tell a different story, citing instances of “disregard” for rules, inadequate training and “deficient” oversight and even one case of deliberately sharing spy data with a forbidden party.

Submission + - Malvertising Campaign Finds a Way Around Ad Blockers

An anonymous reader writes: What many have feared has become reality today, after Malwarebytes researchers have discovered an online malvertising campaign that can bypass ad blockers. Named RoughTed, this campaign has been going strong for over a year, and has been delivering malicious ads on sites such as, ExtraTorrent, Openload, and many others in the Alexa top 500.

In an interview, Jerome Segura, the researcher who discovered this campaign, says RoughTed uses very aggressive advertising to detect a user's PC details. Segura also says that RoughTed is not the first malvertising campaign to deploy ad-blocker bypassing scripts, but it's the first at such a large scale. Users of ad-blockers have also started noticing RoughTed's ability to bypass their extensions [Adblock Plus, uBlock Origin or AdGuard].

Furthermore, RoughTed seems to be very diverse, sending users to all sorts of nasty sites, such as exploit kits, Windows PUP download sites, Mac adware sites, iOS pay-per-install schemes, online surveys, tech support scams, rogue Chrome extensions, and others. Basically, this malvertising campaign takes advantage of most of its traffic, not just users that use old IE versions.

Submission + - Fighting Government Crippled Encryption by Turning It Off Entirely!

Lauren Weinstein writes: Of course, firms could indeed choose to withdraw from such markets, perhaps in conjunction with geoblocking of domestic users in those countries to meet government prohibitions against strong encryption. Pretty awful prospects.

There is another possibility though — that I’ll admit up front would be highly controversial. Rather than crippling those designated encryption systems in those countries under government orders, firms could choose to disable those encryption systems entirely!

I know that this sounds counterintuitive, but please hang with me for a few minutes!

Submission + - Is Google's New "Store Sales Measurement" System a Privacy Risk?

Lauren Weinstein writes: Within hours of Google announcing their new “Store Sales Measurement” system, my inbox began filling with concerned queries. I held off responding on this until I could get additional information directly from Google. With that now in hand I feel comfortable in addressing this issue.

Submission + - UK Furious About US Intelligence Leaks

Oxygen99 writes: Further evidence of the dysfunctional nature of the Trump administration came to light today as the UK government expressed dismay at American leaks of intelligence related to the Manchester terrorist attack investigation. Sensitive information regarding identities and photos have both been leaked to the American press, infuriating the British police. If you can't trust your supposed friends, who can you trust?

Submission + - Researchers Found Perfect Contraceptives From Traditional Chinese Medicine

hackingbear writes: Researchers at U.C. Berkeley found a birth control that was hormone-free, 100 percent natural, resulted in no side effects, didn’t harm either eggs or sperm, could be used in the long-term or short-term, and — perhaps the best part of all — could be used either before or after conception, from ancient Chinese folk medicine. In order to actually penetrate the egg, sperm need to whip their tails faster to pick up momentum. But there are two plant compounds that can prevent sperm from doing this, no matter how valiantly they may try — lupeol, found in mango and dandelion root, and pristimerin, from a plant called the “thunder god vine,” the leaves of which had been used as birth control in traditional Chinese medicine. The sperm and egg are never actually harmed; they’re just never able to meet, thus eliminating ethical concerns of pro-lifers. “Because these two plant compounds block fertilization at very, very low concentrations — about 10 times lower than levels of levonorgestrel in Plan B — they could be a new generation of emergency contraceptive we nicknamed ‘molecular condoms,’” said team leader Polina Lishko.

Submission + - Vermont DMV Caught Using Illegal Facial Recognition Program

schwit1 writes: The Vermont Department of Motor Vehicles has been caught using facial recognition software — despite a state law preventing it.

Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV’s database of names and driver’s license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that “The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers.”

The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.

Submission + - Manchester attack could lead to Internet crackdown

boundary writes: The UK government looks to be about to put the most egregious parts of the Investigative Powers Act into force 'soon after the election' (which is in a couple of weeks) in the wake of the recent bombing in Manchester. 'Technical Capability Orders' require tech companies to break their own security. I wonder who'll comply?

Submission + - Malware Network Communication Provides Early-Warning Signal

msm1267 writes: Research unveiled today challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections.

Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better approach would be an analysis of network traffic to suspicious domains that would potentially cut detection times down by weeks or even months.

Their paper, “A Lustrum of Malware Network Communication Evolution and Insights,” is scheduled to be presented Wednesday at the IEEE Security and Privacy Symposium in San Jose, Calif.

The researchers’ conclusions are based on a study of five years’ worth of network traffic from a large U.S.-based internet service provider, comprised of more than five billion network events. The group had more than 26 million malware samples at their disposal, and studied DNS server requests made by malware and potentially unwanted programs (PUPs), as well as the timing around the registration of expired domains.

The researchers concluded that attackers—including spammers and adware purveyors dabbling in PUPs—re-use infrastructure over and over and that provides a better early-detection signal than an exclusive study of malware and PUP domains. They found more than 300,000 malware samples were active for at least two weeks before they were submitted to a feed such as VirusTotal or picked up and analyzed in a vendor feed.

“When we looked at when malware samples actually showed up in malware feeds where they dynamically analyzed and network signal was extracted from them, we noticed that network signal was extracted in the feed often weeks or months after we saw the first resolutions for that domain in real network traffic from a major ISP in the U.S,” said Chaz Lever of Georgia Tech, one of the report’s coauthors.

Submission + - JSON Feed Announced as Alternative to RSS

Anubis IV writes: With Slashdot recently asking whether we still use RSS, it may come as a surprise that something interesting has happened in the world of news feeds this week. JSON Feed was launched as an alternative to RSS and Atom, eschewing the XML they rely on—which is frequently malformed and difficult to parse—in favor of a human readable JSON format that reflects the decades of combined experience its authors have in the field.

The JSON Feed spec is a simple read that lays out a number of pragmatic benefits the format has over RSS and Atom, such as eliminating duplicate entries, adding the ability to paginate feeds so that old entries remain available, and reducing the need for clients to scrape sites to find images and other resources. Given that it's authored by the developers behind one of the earliest, popular RSS clients and a recently Kickstarted blogging platform, the format is intended to address the common pain points currently faced by developers when producing and parsing feeds.

While it remains to be seen whether JSON Feed will escape the chicken-and-egg stage of adoption, several clients have already added support for the fledgling format in the week since its announcement, including Feedbin, Inoreader, and NewsBlur.
