
Submission + - UK Cryptographers Call For UK, US Gov to Out Weakened Products

Trailrunner7 writes: A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.”

The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

“We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures,” the letter says.

Submission + - Nokia had an Android phone in Development

puddingebola writes: Perhaps influencing Microsoft's $7.2 billion acquisition, the New York Times is reporting that Nokia had an Android phone in development. From the article, "A team within Nokia had Android up and running on the company’s Lumia handsets well before Microsoft and Nokia began negotiating Microsoft’s $7.2 billion acquisition of Nokia’s mobile phone and services business, according to two people briefed on the effort who declined to be identified because the project was confidential. Microsoft executives were aware of the existence of the project, these people said." Perhaps Nokia feared they had put too many eggs in one basket? Whatever the case, the project is most likely dead at this point.

Submission + - Are the NIST standard elliptic curves back-doored?

IamTheRealMike writes: In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is "Standards for Efficient Cryptography"), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a "verifiably random" process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing-up-my-sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of pi. Unfortunately it turns out the actual inputs used were opaque 256-bit numbers, chosen ad hoc with no justifications provided. Worse, the curve parameters for SEC were generated by the head of elliptic curve research at the NSA — opening the possibility that they were found via a brute-force search for a publicly unknown class of weak curves. Although no attacks against the selected values are currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST-based elliptic curve crypto in general.

Submission + - Windows 8.1 Review: New Version, Same Mess

snydeq writes: If you're stuck with Windows 8, the Windows 8.1 upgrade is a no-brainer, but the fundamental flaws remain, writes Woody Leonhard in his in-depth review of the latest version of Windows 8. 'Windows 8.1 follows Windows 8 in typical Microsoft "version 2.0" fashion, changing a bit of eye candy and dangling several worthwhile improvements — but hardly solving the underlying problem. Touch-loving tablet users are still saddled with a touch-hostile Windows desktop, while point-and-clickers who live and breathe the Windows desktop still can't make Metro go away,' Leonhard writes. 'Windows 8.1 also installs the worst privacy-busting feature Windows has ever seen, and it nukes several key Windows 7 features in its headlong pursuit of SkyDrive profits.'

Submission + - Skype Bypasses Windows 8.1 Lock Screen

ChristW writes: From a blog entry on the Skype website, it is clear that "you can answer calls directly from your lock screen". So, if I lock my Windows PC and walk away, any passer-by can answer my personal Skype calls.

Submission + - Atlassian Drops Wiki Markup from Confluence, Insists Users Love It

An anonymous reader writes: I've been watching this story unfold for a while now. Atlassian has removed wiki markup from their enterprise "wiki" (is it a wiki without wiki markup?). Two versions later and users still can't upgrade because the new markup-less tool can't produce PDF output and has an unusable WYSIWYG text editor.

Atlassian's response to the outraged response, a typical walled garden playground where Atlassian will "listen" to feedback and insist that users still love the downgrade, non-functional software.

Submission + - The Avanti Group: Attacking us through our technology is scam 2.0

genebiemarls writes:

Your computer is fraught with perils.

Most of us depend on this piece of equipment for multiple tasks in our lives yet know little about how it works. That makes us vulnerable to those looking to take advantage of our lack of technological sophistication.

Awareness is the best protection. So I'm passing on the experiences of readers who contacted The Pilot last month to alert us to two different computer scams that tried to make them victims.

John C. Edwards got an unsolicited call last month from someone who identified himself as working for "Windows Technical Services." The company had a report, the caller said, that Edwards was having a problem with the Microsoft Windows operating system.

"You do have a Windows machine?" the caller confirmed with Edwards.

"I should have caught on right there," Edwards, 69, told me during an interview last week.

The Virginia Beach resident had struggled with a few problems with his Microsoft security update, so he continued with the call. The supposed technician said he needed to connect remotely to Edwards' computer. Again, Edwards was skeptical but proceeded.

The distant technician began to work on some programs behind other windows open on Edwards' computer screen. "I had a whole bunch of corrupted files on my computer, and they were going to help me get rid of them," Edwards said the caller told him.

After a short time, Edwards grew wary and cut off the call. He never paid any money and believes he thwarted whatever the caller wanted to accomplish, "because they've been calling me ever since."

Edwards was a target of a likely "tech support scam," as the Federal Trade Commission calls it. Callers pose as technicians from operations that sound similar to major technology companies — Microsoft, Dell or security software makers Norton and McAfee. Once they gain access to a consumer's computer, they claim to find some kind of problem and pressure the consumer to pay anywhere from $130 to $300 to fix it, said Colleen Robbins, chief of online threat initiatives for the commission.

The commission heard the first complaints about this kind of scam in 2008, Robbins said. In October, the commission sued six companies accused of operating fraudulent tech support and has since settled a case against one individual.

The first clue that these callers aren't legit: Microsoft and the other companies will never call you unsolicited to offer tech support.

The commission found no evidence that the phony technicians stole personal information from victims' computers. "They want consumers' money," Robbins said.

Still, she advised that consumers who gave these operators access to their computers should change their passwords, consider visiting a computer repair expert to check for a breach, and watch their credit reports for signs that personal account information was stolen.

And, she said, they should adhere to this lesson: "If you don't know who they are, don't let them into your computer."

Some unscrupulous actors will get into your computer even when you don't allow them access.

That's what Judith Martin discovered. Her son turned on her computer in early July and saw a frightening message pop up on the screen.

It said the U.S. Department of Justice had found some kind of illegal activity on her computer and blocked further use of it. The message instructed her to pay a $300 fee to remove the block by ordering a prepaid MoneyPak card — even suggesting retailers such as Wal-Mart and Walgreens that sell it — and providing the account number on the screen.

Martin, 71, realized someone was trying to swindle her.

The so-called "FBI virus" is a form of computer malware, sometimes called "ransomware" because it holds your computer hostage for money.

Martin, a retired high school math teacher who lives in Virginia Beach, didn't buy a MoneyPak but did have to pay a computer repair service about $100 to get the virus removed from her computer. "It was very unnerving, just the idea that they would try to do that to people," she said.

Cox Communications' technicians have helped its high-speed Internet customers remove the FBI virus. The virus typically attacks a computer when the user clicks a link on a website or in an email, which might appear innocent, said Sarah Weaver, a spokeswoman at the cable company's local headquarters in Chesapeake.

Once removed, the virus doesn't seem to cause lasting damage or recur — unless the consumer stumbles upon another tainted link, Weaver said.

Submission + - http://istumblrdown Shuttered by Cease and Desist Order

TrueSatan writes: Blogging platform Tumblr has issued a cease and desist notice to a rather trivial and harmless site that simply offered status updates for Tumblr. The site owner claims this to be symptomatic of Tumblr's disregard for users' needs quoting and their fixation on banning users rather than any more positive improvements they might make to their platform.

Submission + - Apple now relaying all FaceTime calls due to lost patent dispute

Em Adespoton writes: Before the VirnetX case, nearly all FaceTime calls were done through a system of direct communication. Essentially, Apple would verify that both parties had valid FaceTime accounts and then allow their two devices to speak directly to each other over the Internet, without any intermediary or "relay" servers. However, a small number of calls—5 to 10 percent, according to an Apple engineer who testified at trial—were routed through "relay servers."

At the August 15 hearing, a VirnetX lawyer stated that Apple had logged "over half a million calls" complaining about the quality of FaceTime [since disabling direct connections].

Submission + - Raspberry Pi, Smart Highways Win World's Biggest Design Prize

An anonymous reader writes: Last night the €500,000 INDEX: Award was awarded to 5 designs that can improve life for millions of people around the world — including high-tech highways that light up at night, the $25 Raspberry Pi computer, and a simple piece of paper that can cut food waste by extending the life of fresh produce by 2-4 weeks.

Submission + - Why you won't see or hear the 'I have a dream' speech

Amorymeltzer writes: In honor of the 50th Anniversary of Dr. Martin Luther King, Jr.'s "I Have a Dream" speech, The Washington Post has an opinion piece by lawyer Josh Schiller detailing how copyright will prevent the full speech from being heard or seen by most:

A few months after King delivered the speech, he sent a copy of the address to the U.S. Copyright office and listed the remarks as a “work not reproduced for sale.” In legal terms, this is also known as an unpublished work. He subsequently sued to enjoin two publishers from distributing phonographic reproductions of the address.

Since 1963, King and, posthumously, his estate have strictly enforced control over use of that speech and King’s likeness. A few years ago, the estate received more than $700,000 from the nonprofit foundation that created and built the monument to King on the Mall in order to use his words and image. The only legal way to reproduce King’s work — at least until it enters the public domain in 2038 — is to pay for a licensing fee, rates for which vary.

Submission + - Apple attempts to trademark the term "startup" in Australia

An anonymous reader writes: Apple has lodged a trademark application for the term “startup” in Australia. If the application passes the examination phase, and isn’t successfully opposed, the term could become officially protected after seven-and-a-half months.

Submission + - Devs Flay Microsoft for Withholding Windows 8.1 RTM

CWmike writes: Windows app developers are taking Microsoft to task for the company's decision to withhold Windows 8.1 until mid-October. Traditionally, Microsoft offers an RTM to developers several weeks before the code reaches the general public. On Tuesday, however, Microsoft confirmed that although Windows 8.1 has reached RTM, subscribers to MSDN will not get the final code until the public does on Oct. 17, saying it was not finished. Antoine Leblond, a Microsoft spokesman, said in a blog post, 'In the past, the release to manufacturing (RTM) milestone traditionally meant that the software was ready for broader customer use. However, it's clear that times have changed.' Developers raged against the decision in comments on another Microsoft blog post, one that told programmers to write and test their apps against Windows 8.1 Preview, the public sneak peek that debuted two months ago. 'In a world inhabited by pink unicorns and pixie dust, the advice in this post would be sufficient,' said 'brianjsw,' one of several commenters. 'However, we live in the real world last time I looked out the window. In the real world, developers must have access to the RTM bits before [general availability]. The fact that Microsoft no longer seems to understand this truly frightens me.'

Submission + - NSA Shuts down critics under guise of copyright violations

An anonymous reader writes: “Can a government agency block criticism by claiming copyright infringement? Sounds a bit ridiculous but it is happening. The NSA is effectively stopping one small business owner from criticism, claiming that by using its name he has infringed on their copyright,” according to a report by Infowars guest and investigative journalist Ben Swann.
