
Submission + - Obama Releases National Strategy for Information Sharing

wiredmikey writes: President Obama on Wednesday released a national strategy designed to balance the sharing of information with those who need it to keep the country safe, while protecting the same data from those who would use it to cause harm. "The National Strategy for Information Sharing and Safeguarding" outlines how the government will attempt to responsibly share and protect data that enhances national security and protects the American people. The national strategy will define how the federal government and its assorted departments and agencies share their data. Agencies can also share services and work towards data and network interoperability to be more efficient, the President said.

The President aimed to address concerns over Privacy by noting, "This strategy makes it clear that the individual privacy, civil rights and civil liberties of United States persons must be — and will be — protected."

More on the strategy is available here and the full document is available here in PDF format from the White House website.


Submission + - Senate Panel Approves Bill to Boost Email Privacy

wiredmikey writes: A US Senate panel approved a bill to boost email privacy protections on Thursday. The privacy measure, if enacted, would force police to obtain a warrant (in most cases) to access email accounts. The approval follows widespread uproar over the FBI probe that toppled CIA director David Petraeus.

The proposal had been pending for some time but garnered increased attention after the resignation of Petraeus earlier this month due to an extramarital affair exposed by a search of his email records.

Gregory Nojeim of the Center for Democracy and Technology said the measure "keeps the government from turning cloud providers into a one-stop convenience store for government investigators and requires government investigators to do for online communications what they already do in the offline world: Get a warrant."


Submission + - US Supreme Court Says Wiretapping Immunity Will Stand

wiredmikey writes: The US Supreme Court said this week that it will let stand an immunity law on wiretapping viewed by government as a useful anti-terror tool but criticized by privacy advocates.

The top US court declined to review a December 2011 appeals court decision that rejected a lawsuit against AT&T for helping the NSA monitor its customers' phone calls and Internet traffic. Plaintiffs argue that the law allows the executive branch to conduct "warrantless and suspicionless domestic surveillance" without fear of review by the courts and at the sole discretion of the attorney general. The Obama administration has argued to keep the immunity law in place, saying it would imperil national security to end such cooperation between the intelligence agencies and telecom companies.

The Supreme Court is set to hear a separate case later this month in which civil liberties groups are suing NSA officials for authorizing unconstitutional wiretapping.


Submission + - "Knitted" Wifi Routers Create Failover Network for First Responders

wiredmikey writes: Wireless Internet routers used in homes and offices could be knitted together to provide a communications system for emergency responders if the mobile phone network fails, German scientists reported on Monday.

In many countries, routers are so commonplace that they could be used by police and fire departments if cell towers and networks are down or overwhelmed by people caught up in an emergency, they say. This rich density means that an emergency network could piggyback on nearby routers, giving first responders access to the Internet and contact with their headquarters.

The researchers suggest that routers incorporate an emergency "switch" that responders can activate to set up a backup network, thus giving them a voice and data link through the Internet. This could be done quite easily without impeding users or intruding on their privacy, the study argues. Many routers already have a "guest" mode, meaning a supplementary channel that allows visitors to use a home's wifi.


Submission + - 'SMSZombie' Malware Infects 500,000 Android Users in China

wiredmikey writes: Researchers have recently discovered a new sophisticated and resilient mobile threat targeting Android phones that is said to have infected about 500,000 devices, mainly in China. Called “SMSZombie”, the malware is stubborn and hard to remove, but users outside of China have little to worry about with this latest discovery. The prime function of the mobile malware is to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.

The malware takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments to premium service providers, and can also remotely control the infected device.

It has been spread via wallpaper apps that sport provocative titles and nude photos, and can only be removed using a lengthy process beyond the skills of a typical Android user.


Submission + - Google Smacked With $22.5M Fine Over Safari Privacy Violation

wiredmikey writes: The US Federal Trade Commission fined Google $22.5 million for violating the privacy of people who used rival Apple's Safari web browser even after pledging not to do so. The FTC said Google had agreed with the commission in October 2011 not to place tracking cookies on or deliver targeted ads to Safari users, but then went ahead and did so.

"For several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google's DoubleClick advertising network," the FTC said in a statement. "Google had previously told these users they would automatically be opted out of such tracking."

While Google agreed to the fine, it did NOT admit it had violated the earlier agreement.


Submission + - FinFisher 'Government Spyware' Found in Ten Countries

wiredmikey writes: There are signs that the FinFisher "lawful interception" spyware may be installed on command-and-control computers in at least ten different countries, including the United States, according to new research.

FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and intercepting Skype calls. It can also remotely take control of a computer. Gamma International GmbH, a British company, sells the tool to law enforcement agencies and governments. As Slashdot reported, the first known analysis of FinFisher came from in July.

Rapid7 researchers analyzed samples and then looked for those attributes in a global scan of computers on the Internet, and found matches in Australia, Czech Republic, United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar, and the United States.

The matches simply indicate that these computers exhibit the "unique behavior associated with what is believed to be the FinFisher infrastructure," Claudio Guarnieri wrote in a blog post.

It's not known whether the US-based server identified by Guarnieri is associated with law enforcement or the federal government, or whether a private entity has gotten their hands on the tool.


Submission + - Cybersecurity Bill Fails Today in US Senate

wiredmikey writes: A development following the recently posted story Senate Cybersecurity Bill Stalled By Ridiculous Amendments — The Cybersecurity Act of 2012 failed to advance in the US Senate on Thursday. The measure was blocked amid opposition from an unusual coalition of civil libertarians — who feared it could allow too much government snooping — and conservatives who said it would create a new bureaucracy.

The bill needed 60 votes in the 100-member Senate to advance under rules in the chamber, but got only 52. The failure came despite pleas from Obama and top US defense officials. The US Chamber of Commerce argued that the bill "could actually impede US cybersecurity by shifting businesses' resources away from implementing robust and effective security measures and toward meeting government mandates."


Submission + - Gun, Abortion Amendments Stall Senate Cybersecurity Bill

wiredmikey writes: Despite a recent push by legislators, it remains unclear whether the Senate will manage to vote on the proposed comprehensive cybersecurity legislation (Cybersecurity Act of 2012) before Congress adjourns at the end of the week for its summer recess. Once all the amendments (over 70) have been dealt with, the Senate could decide to vote on the bill immediately, or wait till after the summer recess.

As usual, the Democrats and Republicans have been unable to agree on which amendments will be considered, effectively stalling the bill. And most interesting is that, in typical U.S. political fashion, some of the amendments have nothing to do with the topic at hand (cybersecurity):

For example, Sen. Frank Lautenberg (D-N.J.) has filed a measure to ban high-capacity ammunition clips as part of a gun-reform proposal. And Sen. Mike Lee (R-Utah) filed a bill that would ban abortion in Washington, D.C. after 20 weeks of pregnancy. Sen. Michael Bennet (D-Colo) and Tom Coburn (R-Okla) filed an amendment to expand the Office for Personnel Management's federal government's data center consolidation initiative. Senate Minority Leader Mitch McConnell (R-Ky.) suggested an amendment to repeal the Affordable Care Act.

Even if the Senate manages to pass some form of the bill, it would still have to conference with the House to introduce a joint version of the bill. This one would then have to pass both the Senate and the House, and then be signed by the President in order to become law.


Submission + - Apple Yanks Privacy App From The App Store

wiredmikey writes: Back in May of this year, Internet security firm Bitdefender launched "Clueful", an iOS App that helps identify potentially intrusive applications and shows users what they do behind their back, giving users an inside look at all the information app developers can gather about a user.

Seems legit, right? Apple doesn’t think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the App Store.

So why would Apple pull such an App from the App store? It’s unclear, and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.

It’s unclear why Apple would remove such an app from the App store. Perhaps Apple was able to call out the company on a technicality that violates its terms of service. We don't know. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them.


Submission + - Backdoor Found in Anti-Censorship Tool Used in Syria and Iran

wiredmikey writes: Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by has shown that the malicious version isn’t available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged.

The troubling aspect of the malicious version is that it does install the proxy as expected, however it adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia.

In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so.


Submission + - Facebook Users Targeted With Credit Card Grabbing Malware

wiredmikey writes: Security researchers have discovered a variant of the Ice IX Trojan (close cousin of the notorious Zeus Trojan) that looks to trick Facebook users into revealing their credit card information.

Once a user is infected with the malware, a Web form appears in the victim’s browser when they log into Facebook. The pop-up requests the user’s name, billing address, credit or debit card number, card expiration data and card identification number. Facebook however does not request credit card information from users. If the user enters the data and clicks “continue,” the information will be sent on to the attacker’s instant messenger application, Trusteer found. The researchers even found a “marketing” video used by the cybercriminals to demonstrate how the web injection works.


Submission + - FTC Privacy Report Draws Praise From Activists

wiredmikey writes: Privacy advocates are largely giving the thumbs up to a report from the Federal Trade Commission (FTC) calling for Congress to enact privacy, data security and breach notification laws.

The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” also lays out best practices for businesses for protecting the privacy of American consumers. Building upon a report from December 2010, the updated report calls on corporations to enact the following recommendations: Privacy by Design, Simplified Choice for Businesses and Consumers, and Greater Transparency.

“In general, we’re pleased by the new privacy framework set forth by the Commission,” blogged Rainey Reitman, activism director at the Electronic Frontier Foundation (EFF). “We hope Congress, the Commerce Department, and industry figures will turn to it as they continue crafting policy around user data in coming years.”

In particular, Reitman expressed the EFF’s support on the FTC’s stance regarding a Do-Not-Track mechanism as well as the agency’s support of the HTTPS Everywhere Firefox Add-on and its articulation of the problems with data brokers.

The Center for Democracy & Technology (CDT) also largely praised the FTC report for providing a baseline for best practices for protecting consumer privacy.


Submission + - Cybercriminals Target SIM Cards in New Bank Fraud Attacks

wiredmikey writes: This week we've seen further developments in how cybercriminals have been forced to up their game and use innovative and advanced attacks to compromise bank accounts. Security firm Trusteer revealed two examples this week of just how much.

From the article: The first scheme starts with a drive-by download infecting victims with the Gozi Trojan. Once the Trojan is on the victim’s PC, it uses a Web page injection that prompts the victim to enter the International Mobile Equipment Identity (IMEI) number on their mobile device before they can enter their online bank account. Once the attackers have the IMEI number, they contact the victim’s wireless service provider and report the mobile device lost or stolen. Then they ask for a new SIM card. With the new SIM card, all one-time passwords (OTPs) sent to the victim’s phone to verify their identity are sent to the attacker.

The second attack brings together the worlds of cyber and physical fraud, starting with a man-in-the-browser or phishing attack aimed at stealing the victim’s bank account credentials, phone number and other relevant information. From there, the scammers impersonate the victim and go to the local police department to report the victim’s mobile phone has been lost or stolen. This allows the scammer to get their hands on a police report for the device, Trusteer explained. With the police report in tow, the criminals show up to one of the wireless service provider’s retail outlets and trick the provider into deactivating what is thought to be a stolen SIM card and providing a new one.


Submission + - 'Honey Stick' Project Shows Fate of Lost Smartphones

wiredmikey writes: In order to get a look at what happens when a smartphone is lost, Symantec conducted an experiment, called the Honey Stick Project, where 50 fully-charged mobile devices were loaded with the simulated (fake) personal and corporate data and then dropped in publicly accessible spots in five different cities: New York City; Washington D.C.; Los Angeles; San Francisco; and Ottawa, Canada.

Tracking showed that 96-percent of the devices were accessed once found, and 70-percent of them were accessed for personal and business related applications and information. Less than half of the people who located the intentionally lost devices attempted to locate the owner. Interestingly enough, only two phones were left unaccounted for, the others were all found.

Going further, of the devices located, 45-percent of them reported that there was an attempt to read corporate email, and the remote admin application was accessed 49-percent of the time. A file named “saved passwords” was also one of the top selections, with a 57-percent access rate. Access to social networking accounts and personal email were each attempted on over 60 percent of the devices.

The numbers shouldn't be surprising. While not everyone has malicious intent, people are curious by nature — so remember to password protect your smartphone.
