I know it's bad form to RTFA, but here's the part where they talk about their current inability to properly decrypt the payload:

The malware uses that configuration to generate a key to unlock the payload and unleash it. Once it finds the configuration itâ(TM)s looking for, it uses that configuration data to perform 10,000 iterations of MD5 to generate a 128-bit RC4 key, which is then used to decrypt the payload. âoeUnless you meet these specific requirements, youâ(TM)re not going to generate the right key to decrypt it,â Schoewenberg says.

What actually happened was that the State Department purchased some anti-Al-Qaeda ads to run when certain key terms were also on the screen, similar to how AdWords works. It's a pretty interesting concept, really - the necessity of displaying advertising on a site can open the door for alternative messages/realities to reach the viewer.

What I used to love about slashdot was the discussions that would result from articles and questions. But now everyone just jumps down the submitter's throat (though part of that is deserved in this case, especially coming from a brand-new account) if the question isn't phrased properly. Yes, censorship is bad, clandestine monitoring is bad, we should all trust each other, etc. but we all know that isn't the case. Only by offering solutions can we help improve our collective level of problem-solving. For example, I'm already thinking about several ways around this: is there any way to stop a user from using a VPN (or use your monitoring solution to impersonate one), and how are you going to deal with SSL traffic?

The program in question is wicd, which is a wireless network manager. And it's not like BT is a particularly secure distro - it's for pentesting, so most of it's functionality is only useful if you run as root...

Yes, it's too simple to actually work, but after data breaches like this, Epsilon should be required to publish all the data that was compromised. It devalues the data held by the malicious entity (a deterrent against future attacks), and allows security personnel to more accurately gauge the risk and present additional strategies for mitigation. Any action that reduces the value of these databases is a step in the right direction.

I wouldn't trust any site to purposefully ignore information that could be logged. Best option is to make that data worthless (via proxies, Tor, etc.).

I don't think it's a matter of being "well-intentioned" software. One nice feature to add to publishing software would be a "redact metadata" option for publishers. Also, the type of metadata in this case is laughably easy to spoof and cannot be relied upon - why wouldn't I register my desktop publishing software with the name of an enemy?

The case was Kyllo v. United States - the ruling was that use of a thermal imaging device is considered a "search."

So Comcast offers ultra-fast speeds at a ridiculous price. Rich p2p pirates purchase this service, get tracked, and get sued.

This could also lead to "harder" GB caps at lower tiers, encouraging users to bump up to a more expensive service.

While I think better last-mile speeds are important, I can't see many "residential" customers willing to pay $100 more per month for increased bandwidth - if you really need that much, you probably already have a business account. There just aren't existing net applications which gain significant performance advantages at these speeds (though I'm sure they're coming).