
Submission + - John Cook's experiment with online science trolls

Lasrick writes: John Cook is a researcher who writes about climate change denial at SkepticalScience, and he writes here about dealing with online trolls. Not only has he turned online trolling into a source of data collection, but he has also come up with a very effective way to deal with trolling. Great read: 'When I turn the spotlight around to expose the techniques of science denial, the reaction can be intense.'

Comment How about a pool of shared virtual SIM cards? (Score 5, Interesting) 107

I've thought about this a bit. Consider a consortium of like-minded privacy-concerned people that has a pool of virtual SIM cards (exceeding the user base by perhaps 2x or more). The group pays for the whole pool of SIM cards (end users pay the group, perhaps through bitcoin). Participating phones check out random virtual SIM cards (using some kind of cryptographic signature perhaps similar to blockchains to assure anonymity) periodically in order to ensure apparently random distribution. All transactions flow over a VPN to a common network and the phone itself is disabled (use VoIP). Web access runs through Privoxy or similar filtering to ensure there are no traceable bits. This should be fine until you start installing other apps.

This probably requires special hardware in order to "spoof" the consortium's SIM cards and swap between them with minimal downtime.

The Internet

Engineer Gets Tired Of Waiting For Telecom Companies To Wire His town -- So He Does It Himself (backchannel.com) 106

Gurb, 75 kilometers north of Barcelona, is a quiet farming community of 2,500. It has suddenly become a popular place, thanks to being the birthplace of Guifi.net, one of the world's "most important experiments in telecommunications." It was built by an engineer who got tired of waiting for Telefonica, the Spanish telecom giant, to provide internet access to the people of his community. At first he wanted internet access for himself, but it soon became clear that he also wanted to help his neighbors. Guifi has grown from a single wifi node in 2004, to 30,000 working nodes today, including some fiber connections, with thousands more in the planning stages. An article on Backchannel today documents the tale of Guifi. From the article: The project is a testament to tireless efforts -- in governance, not just in adding hardware and software -- by Ramon Roca (the engineer who started it) and his colleagues. They've been unwavering in their commitment to open access, community control, network neutrality, and sustainability. In 2004, he bought some Linksys WiFi hackable routers with a mission to get himself and his neighbors connected to the Internet. This is how he did it: Roca turned on a router with a directional antenna he'd installed at the top of a tall building near the local government headquarters, the only place in town with Internet access -- a DSL line Telefonica had run to municipal governments throughout the region. The antenna was aimed, line of sight, toward Roca's home about six kilometers away. Soon, neighbors started asking for connections, and neighbors of neighbors, and so on. Beyond the cost of the router, access was free. Some nodes were turned into "supernodes" -- banks of routers in certain locations, or dedicated gear that accomplishes the same thing -- that could handle much more traffic in more robust ways.
The network connected to high-capacity fiber optic lines, to handle the growing demand, and later connected to a major "peering" connection to the global Internet backbone that provides massive bandwidth. Guifi grew, and grew, and grew. But soon it became clear that connecting more and more nodes wasn't enough, so he created a not-for-profit entity, the Guifi.net Foundation. The foundation, thanks to its cause and a cheerful community, has received over a million Euros to date -- from various sources including several levels of government. But as the article notes, a million Euros is a drop in the bucket next to the lavish subsidies and favors that state-approved monopolies such as Telefonica have enjoyed for decades. The article adds: The Guifi Foundation isn't the paid provider of most Internet service to end-user (home and business) customers. That role falls to more than 20 for-profit internet service providers that operate on the overall platform. The ISPs share infrastructure costs according to how much demand they put on the overall system. They pay fees to the foundation for its services -- a key source of funding for the overall project. Then they offer various kinds of services to end users, such as installing connections -- lately they've been installing fiber-optic access in some communities -- managing traffic flows, offering email, handling customer and technical support, and so on. The prices these ISPs charge are, to this American (Editor's note: the author is referring to himself) who's accustomed to broadband-cartel greed, staggeringly inexpensive: 18 to 35 Euros (currently about $26-$37) a month for gigabit fiber, and much less for slower WiFi. Community ownership and ISP competition does wonders for affordability. Contrast this with the U.S. broadband system, where competitive dial-up phone access -- phone companies were obliged to let all ISPs use the lines as the early commercial Internet flourished in the 1990s -- gave way to a cartel of DSL and cable providers. Except in a few places where there's actual competition, we pay way more for much less. Read the story in its entirety here.

Microsoft

Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy (arstechnica.com) 74

When it was first created, the Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them. The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption.
The abandonment of Skype's peer-to-peer system can only raise suspicions here. Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."

Databases

Ex Cardinal's Scouting Director Chris Correa Sentenced To 46 Months For Hacking Astros' Computer System (go.com) 42

New submitter yzf750 quotes a report from ESPN: A federal judge sentenced the former scouting director of the St. Louis Cardinals [Christopher Correa] to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. "The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks," reports ESPN. "Luhnow had previously worked for the Cardinals. The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who 'had to turn over his Cardinals-owned laptop to Correa along with the laptop's password' when he was leaving for a job with the Astros in 2011. Prosecutors have said Correa in 2013 improperly downloaded a file of the Astros' scouting list of every eligible player for that year's draft. They say he also improperly viewed notes of trade discussions as well as a page that listed information such as potential bonus details, statistics and notes on recent performances and injuries by team prospects. Authorities say that after the Astros took security precautions involving [a database called Ground Control] following a Houston Chronicle story about the database, Correa was able to still get into it. Authorities say he hacked the email system and was able to view 118 pages of confidential information, including notes of trade discussions, player evaluations and a 2014 team draft board that had not yet been completed. Federal prosecutors say the hacking cost the Astros about $1.7 million, taking into account how Correa used the Astros' data to draft players. 
Christopher Correa had pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution. He had faced up to five years in prison on each count."

Security

Hacker Uses Premium Rate Calls To Steal From Instagram, Google, Microsoft (helpnetsecurity.com) 37

Reader Orome1 writes: Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated. Swinnen calculated that, in theory, these options would allow an attacker to milk over 2 million euro per year from Instagram, 432,000 euro per year from Google, and nearly 700,000 euro from Microsoft by using a slew of fake accounts, multiple premium numbers, and different tools and approaches to automate the process.

Encryption

Windows Malware Poses As Ransomware, Just Deletes Victims' Files (slashgear.com) 118

An anonymous reader writes: Ranscam, a ransom malware reported by Cisco's Talos Security Intelligence group, claims to have encrypted victims' files and hold them for ransom, but in actuality it has already deleted those files and is simply trying to trick its victims into paying to recover files that are no longer there anymore. SlashGear reports: "Most ransomware follow a similar tactic once they get control of a computer or mobile device. They encrypt certain files, personal documents are a favorite, and then display a message instructing the user to pay, usually with bitcoins, to receive the decryption key to save their files. Ranscam, however, is completely without honor, as much honor as you can find among thieves and scam artists. It claims to have encrypted the users' files and then makes the usual demand. However, it adds an additional threat. For each time the user clicks on the 'payment sent' button but no payment was received, it threatens it will delete a file. That, however, is a total farce. In truth, files have already been deleted, so whether the victim pays or not is moot. The perpetrators don't have any way to recover those deleted files anyway. Also, the threats it flashes users are simply static images fetched from a remote server. Users might just as well be clicking on a two-slide presentation. The good news is that reported Ranscam infections are small, according to Cisco's Talos Security Intelligence group."

Comment Re:Are antivirus (especially free one) still relev (Score 1) 104

I'm not sure I follow; just because a piece of malware comes from the internet doesn't mean your only diligence must be in your web browser (... and email client, torrent client, ...). Nowadays, we're more plagued than ever when it comes to zero-day malware, meaning that A/V misses it the first time around. You need a local A/V scanner that regularly evaluates potential threats, ideally upon each execution.

Ad blockers only protect you from malvertising, not straight-up malicious web sites. These days, they're as important as A/V (and often more effective), but you really want both. Microsoft has in the past caught fewer viruses than even ClamAV (Windows Defender is lauded as "better than nothing, but it’s not a whole lot better. Most of the popular antivirus [solutions] can do better."). I'd happily take the free solutions from Avira, Avast, AVG, or Panda over it. I currently suggest Avira to my friends and family, though I don't run Windows.

See also this security question on Stack Exchange, which shows how a similar misconception (protecting only filesystem edits) is similarly risky.

Security

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com) 113

Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.

Comment presumably low power consumption? (Score 3, Interesting) 60

I couldn't see notes about how the thing is powered, but a third major benefit from this sort of thing may be that its battery usage is negligible. That means you can do so much more than an ambient light sensor. Consider a wearable that scans QR codes automatically, so it's already available when you want it (you never miss the opportunity to get it, nor do you have to fumble around with lining it up or getting it in focus). Now consider the same for facial recognition. This clearly has privacy implications even without being ~invisible.

If it's also cheap enough, you could even knit it into clothing (just encase it so it's water-safe and able to handle temperatures from -40 to 200F). Sensors everywhere, knowing everything you've been in contact with, helping track the spread of diseases ... or just your lost keys.

Also, a big thank you to the submitter, who actually linked the original academic paper in the main Slashdot story. We need more of that.

Medicine

Micro-Camera Can Be Injected With A Syringe -- May Pose Surveillance Concerns (phys.org) 60

Taco Cowboy quotes a report from ABC Online: German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging -- and clandestine surveillance. Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fiber the width of two hairs. Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics. The compound lens of the camera is just 100 micrometers (0.1 millimeters) wide, and 120 micrometers with its casing. It could also be deployed in virtually invisible security monitors, or mini-robots with "autonomous vision." The compound lens can also be printed onto image sensors other than optical fibers, such as those used in digital cameras. The researchers said it only took a few hours to design, manufacture and test the camera, which yielded "high optical performances and tremendous compactness." They believe the 3D printing method -- used to create the camera -- may represent "a paradigm shift."

Submission + - SPAM: 3D printed Camera - possible use in surveillance

Taco Cowboy writes: German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging — and clandestine surveillance.

Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fibre the width of two hairs.

Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics.

The compound lens of the camera is just 100 micrometres (0.1 millimetres) wide, and 120 micrometres with its casing.

It could also be deployed in virtually invisible security monitors, or mini-robots with "autonomous vision."

The compound lens can also be printed onto image sensors other than optical fibres, such as those used in digital cameras.


Comment They probably use IP for location (Score 1) 95

At my last job, I walked a coworker through setting up a LinkedIn account. As soon as he had created the account, but before he had entered any information (beyond an email that had never been shared with coworkers), he was getting suggestions from lots of coworkers, not including me. Why? Presumably because our network was behind a NAT, so these people had all connected from the same IP address. (I wasn't suggested because I used a proxy to surf the web.)

IP addresses are decently telling. If I were Facebook or LinkedIn, I'd certainly leverage IP CIDRs (or else ASN + GeoIP) as a part of the friend suggestion algorithm, and if it was the only data available, it'd end up being decently obvious to anybody thinking about where their suggestions come from. Of course, I'd also filter that list of suggestions by perceived "social hubs," people who tend to be well connected, as that's the best way to grow a social network.

Phones' locations may be too specific for this sort of thing – unless they're kept in a database to note the places you frequent (are you at the festival, or are you passing by it to go to the store? are you regularly at auto parts stores, or do you just need new tires?). There's enough information from photo geotagging, check-ins, likes, and IP CIDR/ASN/geolocation to sufficiently boost the more informative social network itself.
