
Submission + - Oil Detection Methods Miss Important Class Of Chemicals (acs.org)

MTorrice writes: "For decades, scientists studying oil spills have relied on the same analytical methods when tracking the movement of oil and assessing a spill’s environmental impact. But these techniques miss an entire class of compounds that could account for about half of the total oil in some samples, according to research presented last week at the Gulf of Mexico Oil Spill & Ecosystem Science Conference, in New Orleans. These chemicals could explain the fate of some of the oil released in the 2010 Deepwater Horizon accident and other spills, the researchers say."
GNU is Not Unix

Submission + - GNU C Library 2.17 Announced, Includes Support for 64-bit ARM (paritynews.com)

hypnosec writes: A new version of the GNU C Library (glibc) has been released, and with this new version comes support for the upcoming 64-bit ARM architecture, a.k.a. AArch64. Version 2.17 of glibc not only includes support for ARM, it also comes with better support for cross-compilation and testing; optimized versions of memcpy, memset, and memcmp for System z10 and zEnterprise z196; and optimized versions of string functions, on top of quite a few other performance improvements, states the mailing list release announcement. Glibc v2.17 can be used with a minimum Linux kernel version of 2.6.16.

Submission + - The Cost of Crappy Security in Software Infrastructure (oreilly.com)

blackbearnh writes: Everyone these days knows that you have to double and triple check your code for security vulnerabilities, and make sure that your servers are locked down as tight as you can. But why? Because our underlying operating systems, languages, and platforms do such a crappy job protecting us from ourselves. A new article suggests that the inevitable result of clamoring for new features, rather than demanding rock-solid infrastructure, is that the developer community wastes huge amounts of time protecting their applications from exploits that should never be possible in the first place. TFA: The next time you hear about a site that gets pwned by a buffer overrun exploit, don't think "stupid developers!", think "stupid industry!"

Submission + - Running Apps from the Dashboard: A Good Idea? (blogspot.com)

An anonymous reader writes: I guess it was inevitable, now that BMW is letting you view and make tweets from behind the wheel, but is it really a good idea to let people run smartphone apps from their dashboard monitor? I guess for navigation you could run your favorite map-app there, but there is nothing to stop people from running other apps on their dashboard too. It might be better than texting from the handset, but I'm not sure I want people playing Angry Birds while they drive.

Submission + - Symantec: More Malware on Religious Sites Than Porn Sites (esecurityplanet.com)

kongshem writes: "According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: 'We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free — it's not good for repeat business.'"

Submission + - Maintain privacy by poisoning the privacy well (openthefuture.com)

Boawk writes: Can we protect our privacy by flooding the internet with false information about ourselves?

It’s the last approach that really interests me: Pollution. Poisoning the data stream. Putting out enough false information that the real information becomes unreliable. At that point, anyone wishing to know the truth about me has to come to me directly, allowing me to control access. It’s hardly a perfect option — the untrue things can be permanently connected to you, and it does kind of make you hard to trust online — but it’s the one approach to opacity that’s purely social and extremely difficult to stop.


Submission + - Microsoft to support ODF 1.2 open document standard in Office 15 (computerworld.com)

An anonymous reader writes: Full OpenDocument (ODF) 1.2 support will be coming in Microsoft Office 15.

Most competing office software has already been updated to support the ODF 1.2 standard that was ratified in September 2011. Supporting the enhanced and stricter 1.2 standard will mean interoperability with many other office solutions will be greatly improved.

The exact motives for Microsoft to jump on the OpenDocument bandwagon are unclear. However, considering that an increasing number of large organisations — particularly national governments — are requiring ODF support from their software vendors, the motive may be purely business.


Submission + - More evidence Apple is building a killer Maps app (edibleapple.com)

An anonymous reader writes: If you know anything about Apple, you know that they hate relying on third-party technology if they can come up with their own solution. To that end, Apple has made a number of interesting map-based acquisitions over the past year or two, and recently discovered language in a new legal section in iOS 5 titled “Map Data” suggests that Apple’s own mapping solution may be very close to becoming a reality.

Submission + - Physicists Develop Quantum Public Key Encryption (technologyreview.com)

KentuckyFC writes: "Public key cryptography allows anybody to encrypt a message using a public key, but only those with another, private key can decrypt the message. That's possible because of certain mathematical functions that are easy to perform in one direction but hard to do in reverse. The most famous example is multiplication. It's easy to multiply two numbers together to get a third, but hard to start with the third number and work out its factors. Now Japanese researchers have discovered a quantum problem that is hard to solve in one direction but easy to do in reverse. This asymmetry, they say, could form the basis of a new kind of quantum public key cryptography. Their system is based on the problem of distinguishing between two ensembles of quantum states. This is similar to the problem of determining whether two graphs are identical, i.e. whether they correspond vertex-for-vertex and edge-for-edge. Increasing the complexity of the graph can always make this problem practically impossible for a quantum computer to solve in a reasonable time. But knowing the structure of a subset of the graph makes this problem easy, so this acts as a kind of private key for decrypting messages."

Submission + - First Ever HIPAA Fine is $4.3M (threatpost.com)

Trailrunner7 writes: The health care industry's toothless tiger finally bared its teeth, as the U.S. Department of Health and Human Services issued a $4.3M fine to a Maryland health care provider for violations of the HIPAA Privacy Rule. The action is the first monetary fine issued since the Act was passed in 1996.

The U.S. Department of Health and Human Services (HHS) issued a Notice of Final Determination to Cignet Health care of Temple Hills, Maryland on February 4. The notice followed a finding by HHS's Office of Civil Rights that Cignet failed to provide 41 patients with copies of their medical records and failed to respond to requests from HHS's Office of Civil Rights for information related to the complaints.

Submission + - High Severity BIND Vulnerability Advisory Issued (securityweek.com)

wiredmikey writes: The Internet Systems Consortium (ISC) and US-CERT have issued a high severity vulnerability warning, discovered by Neustar, which affects BIND, the most widely used DNS software on the Internet. Successful exploitation could enable an attacker to cause BIND servers to stop processing all requests.

According to the disclosure, "When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition."

Submission + - George Hulme on How to Respond to a Data Breach (threatpost.com)

Gunkerty Jeb writes: Data breaches are an area of increasing concern in the internet era. It is no longer a matter of if – but when – a crisis will happen. And then it comes down to the extent of the crisis and your level of preparedness. It's like data backup: You can't wait until your server goes AWOL to decide how to react. If you are not prepared when it happens, it's too late. So, how does an organization brace for the potential blowback from a breach – or any other major security event?

Submission + - 3 Fired For Accessing Shooting Victims' Records (computerworld.com)

CWmike writes: Three employees at Tucson's University Medical Center have been fired for improperly accessing the medical records of some of the victims in last Saturday's shooting spree outside an area mall that killed six people and wounded 13, including U.S. Rep. Gabrielle Giffords (D-Ariz.). A nurse working under contract for the hospital has also been terminated by her employer, the medical center said in a brief statement on its Web site. Many of the victims, including Giffords, are being treated at the hospital. UMC said the three clinical support staff were caught inappropriately accessing the confidential electronic medical records of some of the victims. They were fired 'in accordance with UMC's zero-tolerance policy on patient privacy violations.' So far there is no indication that any of the improperly accessed information has been released publicly, the statement said. The families of the victims whose information was breached have been notified of the incident, the hospital added.

Submission + - Book Review

An anonymous reader writes: Book Review

Coded Messages: How the CIA and NSA Hoodwink Congress and The People

Author: Nelson McAvoy
Pages: 173 plus appendices
Publisher: Algora Publishing
Rating: 9/10
Reviewer: Anonymous
ISBN: 978-0-87586-814-1

Summary: A math and physics geek, who was present at the founding of
the NSA, an NSA spy, a member of the MIT faculty and NASA's Director
of Space-Based Laser Communications, explains cryptography throughout
recent centuries, how Phil Zimmermann changed the fundamental mission
of the NSA, and why that means the NSA now should be subject to
Congressional oversight.

One October afternoon in 2009, I was on a long-distance bicycle trip
along a surprisingly-flat route through West Virginia, loaded with
panniers, tent, and sleeping bag, when a car pulled ahead, slowed
down, and a hand from the window waved me to a stop. Thus began my
introduction to Nelson McAvoy, an 80-something fellow long-distance
cyclist, athletically dressed and with a whistle, on his way to
referee a kids' soccer game.

It took only minutes to learn that Nelson had written well-known books
about teaching soccer to youth, had been an NSA spy and had worked
for MIT and for NASA. Nelson had to referee the soccer game, so we
exchanged phone numbers and I rode to the next town, 35 miles
away. Nelson met me for breakfast.

We talked all day. Nelson was happy to converse with someone who knew
the basics of RSA public key cryptography, had heard of Phil
Zimmermann, PGP, and Phil's legal saga, who could at least participate
in a conversation about masers, the hydrogen line, and the NSA's need
for low-power amplifiers at 1.42GHz to intercept MiG in-flight
communications, and who was interested in what it was like as a
Westerner to bicycle through Eastern Germany the day the Berlin Wall
came down. I was delighted that my bicycle trip had enabled me to
spend the day with someone with such common interests and interesting

I drew him out, pulling different parts of his story from him.
"Nelson, how did you become interested in soccer?" "It was part of my
NSA spy training. If you're going to claim to be from any part of the
world other than the United States, when someone rolls a ball toward
you, you better know what to do with your feet." "What did you work on
at NASA?" "Spaced-based laser communications, bouncing lasers from the
ground, then from satellite to satellite and finally back to the
ground. When it became clear that fiber optics was a better solution,
I decided it was time to retire." The following spring, Nelson sent
me the draft of his book, Coded Messages. The book covers almost
exactly the topics of my conversation with Nelson that previous

The book is written in a most personable way, a story written by a man
who, as a kid from a backwater part of West Virginia, became a
mathematician and went on to live as a spy. There are stories of wars
and generals, specifics of secret codes, surprise attacks,
infiltration, social engineering, and mathematical insights, all
peppered with personal stories of daring acts by those both within and
outside of governments, told by an insider who lived through the
events during and after the Korean War.

In the book's preface, Nelson states that, to his knowledge, no
current or former NSA employee has written a book about their
activities. From the Korean war, through Viet Nam, the Bay of Pigs,
the Cuban Missile Crisis, and through the invasion of Afghanistan,
Nelson has never seen an NSA employee interviewed, nor has he known of
one to be subpoenaed, by the Senate or Congress. Even after Mark Klein
revealed, in 2006, that AT&T allowed the NSA to splice into all of
AT&T's fiber optic cables in Los Angeles, NSA employees were not
interviewed. On the contrary, Congress retroactively immunized those
involved. Nelson contrasts that with the CIA, whose employees have
been subpoenaed and interviewed by the thousands. This difference in
exposure and perception, Nelson states, was planned from the
beginnings of the NSA. Nelson says the story could not have been told
until 1997 and the book reveals why. As far as he knows, no one else
is around to tell the story and he would not like it to be lost to

Nelson reveals the myth that the CIA is an intelligence agency and
that the NSA's main job is communications intelligence. Not so: the
CIA is a clandestine army, provocateurs. The NSA is the agency that
gathers intelligence, both COMINT and HUMINT, has a budget larger,
although classified, than the CIA and the FBI combined, and is
virtually unsupervised by Congress. It was designed that way from the

Nelson was at the meeting where the NSA was formed. The CIA was
established to take action that changes situations directly,
e.g. arming Afghanistan rebels as in "Charlie's War". The rebels were
not armed, nor was the Bay of Pigs invaded, in order to get
information. Calling the CIA an intelligence agency was a ruse,
allowing Congressional oversight of one agency, while leaving the real
intelligence-gathering agency, the NSA, free from such oversight. It
was recognized that this was unconstitutional but, Nelson says, it was
absolutely necessary due to the state of the art of cryptography at
the time. In other words, for mathematical reasons.

Coded Messages explains in great detail, with worked examples, the
history of cryptography, from the symmetric codes of the US Civil War
through World War II through to today's public key cryptography.
There is the story of Anson Stager, a 21-year-old telegrapher who
eventually devised a Civil War code never broken by the Confederacy. A
complete, worked example of that code is given in the book. Social
engineering was as much a problem then as it is now. General Grant
forced a cryptographer, under threat of military punishment, to share
the cipher. The full text of several telegram exchanges, given in the
book, reveals the War Department's outrage and General Grant's
extensive apologies and policy revisions because of that chastisement.
Even more pages are devoted to the Japanese symmetric code, JN-25,
used in World War II. Nelson discusses names, personalities and habits
of the team of cryptanalysts who hacked the Japanese code, along with
the associated battle plans. Nelson learned much of this during his
time at Arlington Hall Station, when old timers would tell stories
they probably should not have told. Again, a fully-worked example of
the JN-25 code is given, including the katakana.

The stories about the cryptanalysts are at least as interesting as the
code itself. For example, Agnes Driscoll (née Meyer), born in 1889,
was a math and physics major who cursed like a sailor and was the
Navy's Director of Naval Communications for the Code and Signal
division. Former members of the language school at Tokyo included
Eddie Layton, a personal friend of Admiral Yamamoto. Tommy Finnegan
used an early IBM computer. The coming Japanese attack on Midway was
confirmed by a social engineering attack, conceived by Lieutenant
W. Jasper Holmes, a University of Hawaii professor of engineering,
that caused the Japanese to send traffic that the US subsequently

Nelson shows how absolute secrecy was essential for those efforts.
Quiet, unnoticed human intelligence gathering played an important
role. If the enemy had any inkling that their codes were compromised,
they simply would have changed the additive pages to their symmetric
ciphers and the US would have been back at square one. The secrecy
saved lives. Those lessons were learned during World War II and led to
the consolidation of separate intelligence agencies into the NSA.

Nelson describes how he came to be at the meeting where the NSA was
formed. He reviews his childhood in West Virginia, where, before he
learned to read, he built ham radios and built a rhombic antenna to
listen to the New York Metropolitan Opera. He discusses his time in
college in West Virginia. After being drafted, Nelson asked to be
allowed to design microwave antennas in lieu of more mundane
assignments. That led to his assignment to Arlington Hall Station,
where he proposed a radio direction finding study to enable more
accurate triangulation of enemy transmitters. It was in this role,
brought along to answer technical questions, that Neil Ganzert
included Nelson in a meeting, with General Harry Reicheldorfer, at
which representatives from Arlington Hall Station, the Army Security
Agency, the Joint Chiefs, and the White House were present.

The NSA had been established by President Truman with the stroke of a
pen. Under Eisenhower, the NSA was to have a permanent cadre of
operations, consolidating COMINT, communications intelligence, with
HUMINT, human intelligence. To infiltrate in order to break
symmetric ciphers, a group was needed for every major potential
foe. Each group would know the language, the culture, everything they
could learn about each entity of interest. That was the NSA, ten
thousand strong, highly educated, who throughout their lives couldn't
tell their spouses what they did at work. And so they socialized
together and avoided outsiders. There were clubs for every recreation,
with meetings held in every language, a vast array of unbelievable
variety, populated by US citizens whose job it was to know the world,
brought together to be able to understand every culture. Utmost
secrecy was necessary to save lives. They were obvious choices for

All of that changed on Friday, January 12, 1996 at 23:37:22, Pacific
Standard Time, when the US Attorney General declined to prosecute Phil
Zimmermann for exporting a terrorist weapon, the source code for Pretty
Good Privacy (PGP). Code breaking became a thing of the past.

Nelson gives a good review of the mathematics behind Diffie-Hellman
key exchange and RSA public key cryptography. The book explains, for
the educated lay person, the mathematics behind public key
cryptography and shows why even the NSA cannot break sufficiently
large public keys. Nelson tells Marty Hellman's story, from his Jewish
childhood in a Catholic Bronx neighborhood through his meeting, and
subsequent collaboration, with Whitfield Diffie. That was followed by
Rivest, Shamir, and Adleman's 1978 paper, which made public key
cryptosystems a reality. Inside the Fort George Meade intelligence
bastion, the top echelon was in denial and the rank-and-file took a
month or so to figure out the implications. Phil Zimmermann was
fascinated and began to develop source code to implement the RSA
algorithm in hopes of commercializing the program. Charles Merritt
began a parallel effort, only later learning about Phil's work and
beginning a collaboration with him that later was hampered by RSA
patents. Joe Biden, in 1991, introduced a Congressional bill that
would have forced a government back door in any crypto system. In
advance of the passage of that bill, Merritt began uploading PGP's
source to US bulletin boards, thus getting ahead of the
as-yet-unpassed law and avoiding RSA patent licensing.

This began a multi-year ordeal for Zimmermann, ending in 1996 with the
US's decision not to prosecute. In the meantime, PGP had become
available worldwide. Public key cryptography was available to the
public and it since has been used by organizations from Amnesty
International to witness protection organizations in the Balkans. That
public key cryptography is available to anyone is the reason we have
https, the secure connections needed for shopping online.

Public key cryptography also is used by nations and governments, which
leads to the conclusion that symmetric ciphers are a thing of the past
and that the primary reason for keeping the NSA out of the view of
Congressional oversight has disappeared. The NSA is out of the code
breaking business. The NSA has transformed, Nelson says, from a
code-breaking organization into a traffic analysis one. Where, before,
only employees were used at the NSA, today the traffic surveillance is
done primarily by contractors.

Nelson lays out the case that the need for absolute secrecy within the
NSA is no more and that it is time for Congressional oversight. Given
the near-constant rate of stories about increased surveillance and
consolidated intelligence databases since 9/11, Nelson's thesis
provides a timely and important impetus for public discussion.
Alongside that, with its historical perspective, war stories and
insights into mathematical personalities hard at work saving lives,
Coded Messages: How the CIA and NSA Hoodwink Congress and The People
is a pretty good read.
