37486845
submission
wiedzmin writes:
US House of Representatives voted 301-118 today, in favor of extending the FISA Amendments Act until December 31st, 2017, effectively reauthorizing the broad electronic eavesdropping powers that largely legalized the George W. Bush administration’s warrantless wiretapping program.
32279365
submission
wiedzmin writes:
The House approved Cyber Intelligence Sharing and Protection Act with a 248 to 168 vote today. CISPA allows internet service providers to share Internet "threat" information with government agencies, including DHS and NSA, without having to protect any personally identifying data of its customers, without a court order. It effectively immunizes ISPs from privacy lawsuits for disclosing customer information, grants them anti-trust protection on colluding on cybersecurity issues and allows them to bypass privacy laws when sharing data with each other.
29282935
submission
wiedzmin writes:
TSA agents in Dallas singled out female passengers to undergo screening in a body scanner, according to complaints filed by several women who said they felt the screeners intentionally targeted them to view their bodies. Allegedly, women with "cute bodies" were directed through the body scanners up to three times over by female agents, who appeared to be acting on a request from male agents viewing the scans in a separate room. Apparently this was done because the scans were "blurry", possibly due to autofocus problems with agents' smartphone cameras.
29026493
submission
wiedzmin writes:
A low-profile Chicago biologist, Michael Doyle, and his company Eolas Technologies, who once won a $521m patent lawsuit against Microsoft, claim that it was actually he and two co-inventors who invented, and patented, the “interactive web” before anyone else, back in 1993. Doyle argues that a program he created to allow doctors to view embryos over the early Internet, was the first program that allowed users to interact with images inside of a web browser window. He is therefore seeking royalties for the use of just about every modern interactive Internet technology, like watching videos or suggesting instant search results. Dozens of lawyers, representing the world’s biggest internet companies, including Yahoo, Amazon, Google and YouTube are acting as defendants in the case, which has even seen Tim Berners-Lee testify on Tuesday.
28945835
submission
wiedzmin writes:
A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month’s end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense.
27816552
submission
wiedzmin writes:
Japanese Defense Ministry has awarded Fujitsu a contract to develop a vigilante computer virus, which will track down and eliminate other viruses, or rather — their sources of origin. Are "good" viruses a bad idea? Sophos seems to think so.
23004048
submission
wiedzmin writes:
A California appeals court is striking down a voter-approved measure requiring every adult arrested on a felony charge to submit a DNA sample. Court questioned the extent to which technology can be permitted to diminish the privacy guaranteed by the Fourth Amendment. More than 1.6 million samples have been taken following the law’s 2009 implementation. Only about a half of those arrested in California are convicted.
20830294
submission
wiedzmin writes:
Subpoenas are expected to go out this week to ISPs in what could be the biggest BitTorrent downloading case in U.S. history. At least 23,000 file sharers are being targeted by the U.S. Copyright Group for downloading "Expendables". Company appears to have adopted Righthaven's strategy in blanket-suing large numbers of defendants and offering an option to quickly settle online for a moderate payment. The IP addresses of defendants have allegedly been collected by paid snoops capturing IP addresses of all peers who were downloading or seeding Sylvester Stallone's flick last year. I am curious to see how this will tie into the BitTorrent case ruling made earlier this year, indicating that an IP address does not uniquely identify the person behind it.
17657186
submission
wiedzmin writes:
Anybody who has worked with or around anything dubbed as an "appliance" in the past 5 years, knows that they now usually come with a management web-interface, and that the web-interface is usually "secure". However, no company in their right mind (accounting mind that is) will spend $400/year per appliance to buy Verisign SSL certificates to secure web-interfaces on networks that may not even have Internet access at the time. So network administrators, and sometimes end-users, are stuck clicking away at the annoying "Continue to this website (not recommended)" messages every time they connect, setting an unhealthy precedent when it comes to the actual security of SSL and the much-hyped-about MITM attacks. So the question I have for the /. crowd is — do you have valid SSL certificates on your intranet sites and if so — what do you use? Any cost-neutral, or at least cost-conscious solutions out there that don't involve manually distributing your certificates and CRL to every workstation in the company? Thanks.
16020328
submission
wiedzmin writes:
"This month, officials from the Unique Identification Authority of India (UIDAI), armed with fingerprinting machines, iris scanners and cameras hooked to laptops, will fan out across the towns and villages of southern Andhra Pradesh state in the first phase of the project whose aim is to give every Indian a lifelong Unique ID (UID) number for "anytime, anywhere" biometric authentication. While enrolling with the UIDAI may be voluntary, other agencies and service providers might require a UID number in order to transact business. Usha Ramanathan, a prominent legal expert who is attached to the Center for the Study of Developing Societies in the national capital, said that, taken to its logical limit, the UID project will make it impossible, in a couple of years, for an ordinary citizen to undertake a simple task such as traveling within the country without a UID number." Next step, tying that UID number and biometric information to their RIM BlackBerry PIN number.
15818976
submission
wiedzmin writes:
Public broadcaster ARD's show 'Plusminus' teamed up with a known hacker organization "Chaos Computer Club" (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN number meant to be used as a digital signature for official government business and beyond.
8762642
submission
wiedzmin writes:
D-Link announced today that the problem, discovered by security researchers SourceSec, affects three of its wireless routers: DIR-855 (hardware version A2), DIR-655 (versions A1 to A4) and DIR-635 (version B) and lies in D-Link's implementation of Cisco's Home Network Administration Protocol (HNAP), which allows remote router configuration. The scope of the vulnerability is greatly reduced by the fact that the above routers have not been shipped with the affected firmware by default, so only those customers who updated their firmware could be affected. Or at least this was indicated in the company's response to the SourceSec claim that all D-Link routers sold since 2006 were affected.
7105748
submission
wiedzmin writes:
Facebook's Joe Hewitt, Second Gear's Justin Williams, long-time Mac software developer known as "Rogue Amoeba" and other respected App Store developers have recently decided to discontinue their work on the platform, citing their frustration with Apple's opaque approval processes. Continued issues with erroneous and snap application and API rejections are prompting more and more developers to shun the platform entirely. Though there are tens of thousands of other developers pumping out over 100,000 iPhone apps, continued migration away from iPhone development will most likely result in less quality software for the platform.
7104044
submission
wiedzmin writes:
DeCODE Genetics, a genetics research firm from Iceland, has filed for bankruptcy in the U.S. and Saga Investments, a U.S. venture capital firm, has already put in a bid to buy deCODE’s operations, raising privacy concerns about the fate of customer DNA samples and records. The company hasn’t disclosed how many clients signed up for its service, but provides a number of customer testimonials on its site, including Dorrit Moussaieff, Iceland’s first lady.
3306843
submission
wiedzmin writes:
Another interesting article published by the SANS ISC Handler's Diary is describing a very unusual vector for malware distribution — windshield fliers and fake parking tickets. A website URL provided for "disputing a ticket" actually leads to a malicious website, and a "toolbar" required to find the photo of your violation is, you guessed it, a trojan posing as a fake antivirus. The best part is — according to the VirusTotal report, it doesn't look like most antiviruses have signatures for this one yet. See the original article here.