realized writes: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.
As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.
The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption.
EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP’s own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff’s department even bought a copy for every family in its county.
Some of the agencies that have used it include U.S. Marshals — Under Director John Clark, Los Angeles County District Attorney's Office gave out the program for "free" to 6,700 foster parents, Riverside County District Attorney's Office, San Diego County District Attorney's Office, Palm Beach County Sheriff's Office,
"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder—are some of them U.S. government interceptors? Or are some of them Chinese interceptors?" says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are."
realized writes: In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That’s more than twice as many cases as in 2012, when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.
realized writes: When opening Slashdot with Firefox (not in Chrome), Slashdot refreshes every so often. It always reloads ads from "ib.Adnxs.com" and if you are lucky, it will try to download a present in the form of a virus.
realized writes: The patient had previously been diagnosed with both alopecia universalis, a disease that results in loss of all body hair, and plaque psoriasis, a condition characterized by scaly red areas of skin. The only hair on his body was within the psoriasis plaques on his head. He was referred to Yale Dermatology for treatment of the psoriasis. The alopecia universalis had never been treated.
According to Microsoft, it was OK because... "As part of the investigation, we took the step of a limited review of this third party's Microsoft operated accounts. While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances."
realized writes: AACS (Advanced Access Content System), a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony, sued Chinese-based DVDFab to stop it from distributing its software that enabled users to circumvent the AACS Technology.
The federal judge, however, felt like overreaching and making sure people know he means real business.
From the court order:
Any third party service providers providing services to Defendants in connection with any of the DVDFab Domain Names, the DVDFab Websites or the DVDFab Social Media Accounts, and who receive actual notice of this Order, including without limitation, web hosting providers, social media or other online service providers (including without limitation, Facebook, Twitter, YouTube and Google+), back-end service providers, web designers, distributors, search-based online advertising services (such as through paid inclusion, paid search results, sponsored search results, sponsored links, and Internet keyword advertising), and any banks, savings and loan associations, merchant account providers, payment processors and providers, credit card associations, or other financial institutions which receive or process payments or hold assets on Defendants' behalf (including without limitation, Avangate Inc., Avangate B.V., PayPal, Western Union, PayEase, IPS Ltd., Realypay, WorldPay, Opus Payments, Amazon Payments, WorldPay, Money Gram International, WebMoney, Visa, MasterCard, Discover, American Express, Visa Electron, Maestro, Solo, Laser, and Carte Bleue) for any Defendant or any of the DVDFab Domain Names or the DVDFab Websites, and who receive actual notice of this Order, shall, within three (3) days of receipt of this Order, cease or disable providing such services to: a) Defendants in relation to the DVDFab Software and/or any other products or services that circumvent the AACS Technology; and b) any and all of the DVDFab Domain Names, the DVDFab Websites or DVDFab Social Media Accounts.
“Today QUANTUM packs a suite of attack tools, including both DNS injection (upgrading the man-on-the-side to a man-in-the-middle, allowing bogus certificates and similar routines to break SSL) and HTTP injection. That’s reasonable enough. But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party’s database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.)”
According to reports, the company's CEO, Scott Heiferman, got an email that said “A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer”.
Before Heiferman finished reading the email the company started getting attacked.
realized writes: Sprint, like all the nation’s carriers, must comply with the Communications Assistance in Law Enforcement Act of 1994, which requires telcos to be capable of providing government-ordered wiretapping services. The act also allows carriers to recoup “reasonable expenses” associated with those services.
Sprint inflated charges approximately 58 percent between 2007 and 2010, according to a lawsuit the administration brought against the carrier today.
“As alleged, Sprint overbilled law enforcement agencies for carrying out court-ordered intercepts, causing a significant loss to the government’s limited resources,” said San Francisco U.S. Attorney Melinda Haag.
realized writes: In the second cyber attack on a big box store, Neiman Marcus says it was hacked and is currently working with the Secret Service. Ginger Reeder, spokeswoman for Neiman Marcus Group Ltd, has confirmed that the company was notified in mid-December about the possible breach by their credit card processor, who noticed potentially unauthorized payment activity following customer purchases at Neiman Marcus.
realized writes: AOL has licensed its CrunchBase data under a free Creative Commons license. But once a startup decided to use CrunchBase, AOL threatened to sue them. Startup "Pro Populi" launched apps for Google Glass and the iPhone that use the CrunchBase database in its entirety. The CrunchBase database has been published continuously under the Creative Commons CC-BY attribution license, which permits any use.
However, AOL seems to be upset that people are using their data. Quoted letter from AOL lawyers to the startup:
On the chance that you may have misinterpreted Matt’s willingness to discuss the matter with you last week, and our reference to this as a ‘request,’ let me make clear, in more formal language, that we demand that People+ immediately cease and desist from its current violation and infringement of AOL’s/TechCrunch’s proprietary rights and other rights to CrunchBase, by removing the CrunchBase content from your People+ product and by ceasing any other use of CrunchBase-provided content
The Electronic Frontier Foundation, which is representing the startup, sent AOL a letter Monday saying “People+ has the right to continue using the material that People+ has gathered to date.”
Customer: Clicking ‘Save and Continue’ does not allow me to move forward Obamacare rep: “Don’t lose your sanity over this website. Try it. If it doesn’t work, walk away. Try it tomorrow,” the representative wrote back
Customer: I had the login problems for the first 11 days Obamacare: Imagine you are stuck in this site’s rush hour traffic. You still exist. You just aren’t going anywhere
Customer: You have no way to assist those that ask for help? Obamacare: Don’t run with scissors
Hieu Minh Ngo, the website owner, has recently been charged in a 15-count indictment filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud.
The latest indication of the haphazard way in which Healthcare.gov was developed is the uncredited use of a copyrighted web script for a data function used by the site, a violation of the licensing agreement for the software.
The script in question is called DataTables, a very long and complex piece of website software used for formatting and presenting data. DataTables was developed by a British company called SpryMedia which licenses the open-source software freely to anyone who complies with the licensing agreement.
... a cursory comparison of the two scripts removes any doubt that the source for the script used at Healthcare.gov is indeed the SpryMedia script. The Healthcare.gov version even retained easily identifiable comments by the script's author...