
Submission + - Apple Steals exclusive "iPhone" Trademark from Brazilian Firm (cnet.com)

bhagwad writes: Brazil's IGB Electronica filed for the "iPhone" trademark way back in 2000 and it wanted to retain exclusive rights to the name. Apple didn't like this and filed a lawsuit. Brazil's Institute of Industry Property (INPI) sided with IGB saying that Apple had no right to use the name "iPhone" since it was already taken. Apple appealed that. In a bizarre ruling today, the appeals court overturned the lower court's ruling saying "all the (Apple) product's renown and client following have been built on its performance and excellence as a product." So that's ok then. No exclusive trademark rights for someone who filed for it eight years before the iPhone was even a product. This begs the question though...why did Apple even take this to court? Shouldn't it just accept that someone else trademarked the name and move on?

Submission + - World first digital laser invented in South Africa by CSIR (greenitweb.co.za)

khabza writes: Researchers at South Africa's Council for Scientific and Industrial Research (CSIR) have developed a world-first digital laser that could be a game-changer in the field, paving the way for new laser applications in areas ranging from medicine to communications.

Submission + - The Case of the Copyrighted Detective: The Saga Continues

Dster76 writes: Slashdot has discussed the tangle involving Sherlock Holmes and Copyright before. Well, they're at it again.

A new wrinkle has emerged: a 'Sherlock Holmes scholar' has filed for a declaratory judgement that all of the Sherlock Holmes writings are in the public domain. But the estate has responded — with hilarious arguments.

If this goes in favour of the Conan Doyle Estate, then it's hard to see how copyright is about expressions and not ideas.

Submission + - NSA hired VUPEN, "Darth Vader of Cybersecurity," for 0-day exploit

v3rgEz writes: Documents requested by MuckRock from the National Security Agency show it had a contract with the French security researcher VUPEN whose founder and CEO Chaouki Bekrar puckishly touts himself as the "Darth Vader of Cybersecurity."

While the NSA redacted the price of the subscription, VUPEN is apparently hoping the year-long contract is a sign of things to come: It recently tweeted it was setting up shop in Maryland.

Submission + - NSA Bought Exploit Service From VUPEN (threatpost.com)

Reverand Dave writes: The U.S. government–particularly the National Security Agency–is often regarded as having advanced offensive cybersecurity capabilities. But that doesn’t mean that they’re above bringing in a little outside help when it’s needed. A newly public contract shows that the NSA last year bought a subscription to the zero-day service sold by French security firm VUPEN.

The contract, made public through a Freedom of Information Act request by MuckRock, an open government project that publishes a variety of such documents, shows that the NSA bought VUPEN’s services on Sept. 14, 2012. The NSA contract is for a one-year subscription to the company’s “binary analysis and exploits service”.

Submission + - A new way to fund open source software projects, bug fixes and feature requests

Lemeowski writes: Open source software projects are seeing some success on fundraising sites like Kickstarter and Indiegogo. But Warren Konkel believes open source software needs a better funding model that's more aligned with how software is built. So Konkel, who was the first hire at LivingSocial, teamed up with his friend David Rappo, a producer for games including GuitarHero and Skylander, and founded Bountysource, a crowdfunding and bounty site specifically designed to help developers raise money for their OSS projects, bug fixes and feature requests. In this interview, Konkel talks about how he recently snagged a $1.1 million investment in Bountysource, gives developers tips on launching a fundraising effort for their OSS project, and more.

Submission + - UK Cryptographers Call For UK, US Gov to Out Weakened Products

Trailrunner7 writes: A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.”

The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

“We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures,” the letter says.

Submission + - Nokia had an Android phone in Development (nytimes.com)

puddingebola writes: Perhaps influencing Microsoft's $7.2 billion acquisition, the New York Times is reporting that Nokia had an Android phone in development. From the article, "A team within Nokia had Android up and running on the company’s Lumia handsets well before Microsoft and Nokia began negotiating Microsoft’s $7.2 billion acquisition of Nokia’s mobile phone and services business, according to two people briefed on the effort who declined to be identified because the project was confidential. Microsoft executives were aware of the existence of the project, these people said." Perhaps Nokia feared they had put too many eggs in one basket? Whatever the case, the project is most likely dead at this point.

Submission + - Are the NIST standard elliptic curves back-doored?

IamTheRealMike writes: In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is "Standards for Efficient Cryptography"), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a "verifiably random" process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing up my sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of PI. Unfortunately it turns out the actual inputs used were opaque 256 bit numbers, chosen ad-hoc with no justifications provided. Worse, the curve parameters for SEC were generated by head of elliptic curve research at the NSA — opening the possibility that they were found via a brute force search for a publicly unknown class of weak curves. Although no attacks against the selected values are currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST based elliptic curve crypto in general.

Submission + - Windows 8.1 Review: New Version, Same Mess

snydeq writes: If you're stuck with Windows 8, the Windows 8.1 upgrade is a no-brainer, but the fundamental flaws remain, writes Woody Leonhard in his in-depth review of the latest version of Windows 8. 'Windows 8.1 follows Windows 8 in typical Microsoft "version 2.0" fashion, changing a bit of eye candy and dangling several worthwhile improvements — but hardly solving the underlying problem. Touch-loving tablet users are still saddled with a touch-hostile Windows desktop, while point-and-clickers who live and breathe the Windows desktop still can't make Metro go away,' Leonhard writes. 'Windows 8.1 also installs the worst privacy-busting feature Windows has ever seen, and it nukes several key Windows 7 features in its headlong pursuit of SkyDrive profits.'

Submission + - Skype Bypasses Windows 8.1 Lock Screen

ChristW writes: From a blog entry on the Skype website, it is clear that "you can answer calls directly from your lock screen". So, if I lock my Windows PC and walk away, any passer-by can answer my personal Skype calls.

Submission + - Atlassian Drops Wiki Markup from Confluence, Insists Users Love It (atlassian.com)

An anonymous reader writes: I've been watching this story unfold for a while now. Atlassian has removed wiki markup from their enterprise "wiki" (is it a wiki without wiki markup?). Two versions later and users still can't upgrade because the new markup-less tool can't produce PDF output and has an unusable WYSIWYG text editor.

Atlassian's response to the outraged response, a typical walled garden playground where Atlassian will "listen" to feedback and insist that users still love the downgrade, non-functional software.

Submission + - The Avanti Group: Attacking us through our technology is scam 2.0

genebiemarls writes: Source: http://www.hispanicbusiness.com/2013/8/27/attacking_us_through_our_technology_is.htm

Your computer is fraught with perils.

Most of us depend on this piece of equipment for multiple tasks in our lives yet know little about how it works. That makes us vulnerable to those looking to take advantage of our lack of technological sophistication.

Awareness is the best protection. So I'm passing on the experiences of readers who contacted The Pilot last month to alert us to two different computer scams that tried to make them victims.

John C. Edwards got an unsolicited call last month from someone who identified himself as working for "Windows Technical Services." The company had a report, the caller said, that Edwards was having a problem with the Microsoft Windows operating system.

"You do have a Windows machine?" the caller confirmed with Edwards.

"I should have caught on right there," Edwards, 69, told me during an interview last week.

The Virginia Beach resident had struggled with a few problems with his Microsoft security update, so he continued with the call. The supposed technician said he needed to connect remotely to Edwards' computer. Again, Edwards was skeptical but proceeded.

The distant technician began to work on some programs behind other windows open on Edwards' computer screen. "I had a whole bunch of corrupted files on my computer, and they were going to help me get rid of them," Edwards said the caller told him.

After a short time, Edwards grew wary and cut off the call. He never paid any money and believes he thwarted whatever the caller wanted to accomplish, "because they've been calling me ever since."

Edwards was a target of a likely "tech support scam," as the Federal Trade Commission calls it. Callers pose as technicians from operations that sound similar to major technology companies — Microsoft, Dell or security software makers Norton and McAfee. Once they gain access to a consumer's computer, they claim to find some kind of problem and pressure the consumer to pay anywhere from $130 to $300 to fix it, said Colleen Robbins, chief of online threat initiatives for the commission.

The commission heard the first complaints about this kind of scam in 2008, Robbins said. In October, the commission sued six companies accused of operating fraudulent tech support and has since settled a case against one individual.

The first clue that these callers aren't legit: Microsoft and the other companies will never call you unsolicited to offer tech support.

The commission found no evidence that the phony technicians stole personal information from victims' computers. "They want consumers' money," Robbins said.

Still, she advised that consumers who gave these operators access to their computers should change their passwords, consider visiting a computer repair expert to check for a breach, and watch their credit reports for signs that personal account information was stolen.

And, she said, they should adhere to this lesson: "If you don't know who they are, don't let them into your computer."

Some unscrupulous actors will get into your computer even when you don't allow them access.

That's what Judith Martin discovered. Her son turned on her computer in early July and saw a frightening message pop up on the screen.

It said the U.S. Department of Justice had found some kind of illegal activity on her computer and blocked further use of it. The message instructed her to pay a $300 fee to remove the block by ordering a prepaid MoneyPak card — even suggesting retailers such as Wal-Mart and Walgreens that sell it — and providing the account number on the screen.

Martin, 71, realized someone was trying to swindle her.

The so-called "FBI virus" is a form of computer malware, sometimes called "ransomware" because it holds your computer hostage for money.

Martin, a retired high school math teacher who lives in Virginia Beach, didn't buy a MoneyPak but did have to pay a computer repair service about $100 to get the virus removed from her computer. "It was very unnerving, just the idea that they would try to do that to people," she said.

Cox Communications' technicians have helped its high-speed Internet customers remove the FBI virus. The virus typically attacks a computer when the user clicks a link on a website or in an email, which might appear innocent, said Sarah Weaver, a spokeswoman at the cable company's local headquarters in Chesapeake.

Once removed, the virus doesn't seem to cause lasting damage or recur — unless the consumer stumbles upon another tainted link, Weaver said.

Submission + - http://istumblrdown Shuttered by Cease and Desist Order (istumblrdown.com)

TrueSatan writes: Blogging platform Tumblr has issued a cease and desist notice to http://istumblrdown.com/ a rather trivial and harmless site that simply offered status updates for Tumblr. The site owner claims this to be symptomatic of Tumblr's disregard for users' needs, quoting http://zachinglis.com/posts/why-tumblr-sucks and their fixation on banning users rather than any more positive improvements they might make to their platform. http://www.dailydot.com/news/missing-e-banned-tumblr/
