
Encryption

OpenSSL Cleanup: Hundreds of Commits In a Week 164

Posted by timothy
from the the-good-kind-of-competition dept.
New submitter CrAlt (3208) writes with this news snipped from BSD news stalwart undeadly.org: "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls. ... All combined, there've been over 250 commits cleaning up OpenSSL. In one week." You can check out the stats, in progress.
Government

Preventative Treatment For Heartbleed On Healthcare.gov 67

Posted by timothy
from the welcome-to-centralized-medicine-dot-gov dept.
As the San Francisco Chronicle reports, "People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw." Take note, though; the article goes on to immediately point out this does not mean that the HealthCare.gov site has been compromised: "Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page." Also at The Verge
Crime

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy 124

Posted by timothy
from the and-you'd-trust-this-because dept.
First time accepted submitter turkeydance (1266624) writes "The dark web just got a little less dark with the launch of a new search engine that lets you easily find illicit drugs and other contraband online. Grams, which launched last week and is patterned after Google, is accessible only through the Tor anonymizing browser (the address for Grams is: grams7enufi7jmdl.onion) but fills a niche for anyone seeking quick access to sites selling drugs, guns, stolen credit card numbers, counterfeit cash and fake IDs — sites that previously only could be found by users who knew the exact URL for the site."
Privacy

How Nest and FitBit Might Spy On You For Cash 92

Posted by Soulskill
from the don't-let-them-take-your-analog-shoelaces dept.
Nerval's Lobster writes: "Forbes offers up a comforting little story about how Nest and FitBit are planning on turning user data into a multi-billion-dollar business. 'Smart-thermostat maker Nest Labs (which is being acquired by Google for $3.2 billion) has quietly built a side business managing the energy consumption of a slice of its customers on behalf of electric companies,' reads the article. 'In wearables, health tracker Fitbit is selling companies the tracking bracelets and analytics services to better manage their health care budgets, and its rival Jawbone may be preparing to do the same.' As many a wit has said over the years: If you're not paying, you're the product. But if Forbes is right, wearable-electronics companies may have discovered a sweeter deal: paying customers on one side, and companies paying for those customers' data on the other. Will most consumers actually care, though?"
Media

MediaGoblin and FSF Successfully Raise Funds For Federation, Privacy Features 22

Posted by Soulskill
from the if-you-build-it-they-will-come dept.
paroneayea writes: "GNU MediaGoblin and the Free Software Foundation have jointly run a campaign for privacy and federation on the web. The campaign is in its last day but has already passed the first two funding milestones, and is hoping to raise more with the possibility of bringing in multiple dedicated resources to the project. The project has also released a full financial transparency report so donors can know how they can expect their money to be used!"
Facebook

New Facebook Phone App Lets You Stalk Your Friends 61

Posted by samzenpus
from the I-won't-be-ignored dept.
Hugh Pickens DOT Com (2995471) writes "Iain Thomson reports that Facebook is adding a new application called 'Nearby Friends' that alerts smartphone users when their friends are nearby. 'If you turn on Nearby Friends, you'll occasionally be notified when friends are nearby, so you can get in touch with them and meet up,' says Facebook in a statement. 'For example, when you're headed to the movies, Nearby Friends will let you know if friends are nearby so you can see the movie together or meet up afterward.' The feature, which is opt-in, allows users to select which friends get a warning that you are in the area, and prepare a subset of people who might like to know when you're near, if they have the Nearby Friends activated as well. According to Josh Constine what makes 'Nearby Friends' different than competitors and could give it an advantage is that it's centered around broadcasting proximity, not location. 'If someone's close, you'll know, and can ping them about their precise location and meeting up. Broadcasting location is creepy so we're less likely to share it, and can cause awkward drop-ins where someone tries to come see you when you didn't want them to.'"
Government

Snowden Queries Putin On Live TV Regarding Russian Internet Surveillance 389

Posted by timothy
from the keep-to-the-script-now dept.
Rambo Tribble (1273454) writes "Edward Snowden appeared on a Russian television call-in show to ask Russian President Vladimir Putin about policies of mass surveillance. The exchange has a canned quality which will likely lead to questions regarding the integrity of Snowden's actions, in the query of his host in asylum."
Encryption

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed 56

Posted by timothy
from the all-tor-up dept.
msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."
Canada

RCMP Arrest Canadian Teen For Heartbleed Exploit 103

Posted by timothy
from the they-got-their-man dept.
According to PC Mag, a "19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug. Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data." That exploit led to a deadline extension for some Canadian taxpayers in getting in their returns this year. The Register has the story as well. The Montreal Gazette has some pointed questions about how much the Canadian tax authorities knew about the breach, and when.
United States

FBI Drone Deployment Timeline 33

Posted by samzenpus
from the when-and-where dept.
An anonymous reader writes "The FBI insists that it uses drone technology to conduct surveillance in 'very limited circumstances.' What those particular circumstances are remains a mystery, particularly since the Bureau refuses to identify instances where agents deployed unmanned aerial vehicles, even as far back as 2006. In a letter to Senator Ron Paul last July, the FBI indicated that it had used drones a total of ten times since late 2006—eight criminal cases and two national security cases—and had authorized drone deployments in three additional cases, but did not actually fly them. The sole specific case where the FBI is willing to confirm using a drone was in February 2013, as surveillance support for a child kidnapping case in Alabama. New documents obtained by MuckRock as part of the Drone Census flesh out the timeline of FBI drone deployments in detail that was previously unavailable. While heavily redacted—censors deemed even basic facts that were already public about the Alabama case to be too sensitive for release, apparently—these flight orders, after action reviews and mission reports contain new details of FBI drone flights."
Education

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge 790

Posted by Soulskill
from the it-takes-real-effort-to-be-this-wrong dept.
An anonymous reader tips news of an incident in a Pennsylvania high school in which a student, Christian Stanfield, was being bullied on a regular basis. He used a tablet to make an audio recording of the bullies for the purpose of showing his mother how bad it was. She was shocked, and she called school officials to tell them what was going on. The officials brought in a police lieutenant — but not to deal with the bullies. Instead, the officer interrogated Stanfield and made him delete the recording. The officer then threatened to charge him with felony wiretapping. The charges were later reduced to disorderly conduct, and Stanfield was forced to testify before a magistrate, who found him guilty. Stanfield's mother said, "Christian's willingness to advocate in a non-violent manner should be championed as a turning point. If Mr. Milburn and the South Fayette school district really want to do the right thing, they would recognize that their zero-tolerance policies and overemphasis on academics and athletics have practically eliminated social and emotional functioning from school culture."

Update: 04/17 04:36 GMT by T : The attention this case has gotten may have something to do with the later-announced decision by the Allegheny County District Attorney's office to withdraw the charges against Stanfield.
Government

52 Million Photos In FBI's Face Recognition Database By Next Year 108

Posted by Soulskill
from the you-can-trust-us dept.
Advocatus Diaboli writes "The EFF has been investigating the FBI's Next-Generation Identification (NGI) scheme, an enormous database of biometric information. It's based on the agency's fingerprint database, which already has 100 million records. But according to the documents EFF dug up, the NGI database will include 52 million images of people's faces by 2015. At least 4.3 million images will have been taken outside any sort of criminal context. 'Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a 'mug shot' photo along with your fingerprints. If that's the case, then the FBI will store both your face print and your fingerprints along with your biographic data.'"
Encryption

Snowden Used the Linux Distro Designed For Internet Anonymity 170

Posted by Soulskill
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"
The Media

Guardian and WaPo Receive Pulitzers For Snowden Coverage 78

Posted by Unknown Lamer
from the pulitzer-prize-board-added-to-terrorist-organization-list dept.
Late yesterday, the Pulitzer Prize board announced (PDF) the 2014 Pulitzer Prize winners. The public service prize was awarded to the Guardian and the Washington Post. The Washington Post was given the award for its role in revealing widespread surveillance by the NSA, "...marked by authoritative and insightful reports that helped the public understand how the disclosures fit into the larger framework of national security," and the Guardian for sparking "...a debate about the relationship between the government and the public over issues of security and privacy." Snowden released a statement praising the Pulitzer board: "Today's decision is a vindication for everyone who believes that the public has a role in government. We owe it to the efforts of the brave reporters and their colleagues who kept working in the face of extraordinary intimidation, including the forced destruction of journalistic materials, the inappropriate use of terrorism laws, and so many other means of pressure to get them to stop what the world now recognizes was work of vital public importance. This decision reminds us that what no individual conscience can change, a free press can."
Google

Google Buys Drone Maker Titan Aerospace 41

Posted by samzenpus
from the welcome-to-the-google dept.
garymortimer (1882326) writes "Google has acquired drone maker Titan Aerospace. Titan is a New Mexico-based company that makes high-flying solar powered drones. There's no word on the price Google paid, but Facebook had been in talks to acquire the company earlier this year for a reported $60 million. Presumably, Google paid more than that to keep it away from Facebook. 'Google had just recently demonstrated how its Loon prototype balloons could traverse the globe in a remarkably short period of time, but the use of drones could conceivably make a network of Internet-providing automatons even better at globe-trotting, with a higher degree of control and ability to react to changing conditions. Some kind of hybrid system might also be in the pipeline that marries both technologies.'"
Google

Anyone Can Buy Google Glass April 15 167

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
An anonymous reader writes "Starting at 9 a.m. ET on April 15 anyone in the US will be able to buy Google Glass for one day. From the article: 'This is the first time the device has been available to the general public. So far, the face-mounted computers have been sold only to Google "Explorers," the company's name for early adopters. At first only developers could buy Glass, but Google slowly expanded the program to include regular people. Some were hand-picked, others applied to be Explorers through Google contests by sharing what cool projects they would do if they had Glass.'"
Businesses

Commenters To Dropbox CEO: Houston, We Have a Problem 447

Posted by timothy
from the don't-worry-we'll-only-look-at-the-secrets dept.
theodp (442580) writes "On Friday, Dropbox CEO Drew Houston sought to quell the uproar over the appointment of former Secretary of State Condoleezza Rice to the company's board of directors, promising in a blog post that Rice's appointment won't change its stance on privacy. More interesting than Houston's brief blog post on the method-behind-its-Condi-madness (which Dave Winer perhaps better explained a day earlier) is the firestorm in the ever-growing hundreds of comments that follow. So will Dropbox be swayed by the anti-Condi crowd ("If you do not eliminate Rice from your board you lose my business") or stand its ground, heartened by pro-Condi comments ("Good on ya, DB. You have my continued business and even greater admiration")? One imagines that Bush White House experience has left Condi pretty thick-skinned, and IPO riches are presumably on the horizon, but is falling on her "resignation sword" — a la Brendan Eich — out of the question for Condi?"
Government

Canada Introduces Privacy Reforms That Encourage Warrantless Disclosure of Info 99

Posted by samzenpus
from the what-do-you-want-to-know? dept.
An anonymous reader writes "Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. Michael Geist reports that the bill includes a provision that could massively expand warrantless disclosure of personal information. Organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies to both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening). Consider it a gift to copyright trolls, who won't need the courts to obtain information on thousands of Internet users."
Chrome

Google Chrome Flaw Sets Your PC's Mic Live 152

Posted by timothy
from the lives-of-others dept.
First time accepted submitter AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range. It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media. The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix." However, as discoverer Guy Aharonovsky is quoted, "It seems like they started to look for a way to quickly mitigate this flaw."
United Kingdom

London's Public Bike Data Can Tell Everyone Where You've Been 41

Posted by timothy
from the away-from-flat-call-in-the-burglary-lorry dept.
An anonymous reader writes "I recently posted this article with a few visualizations and a bit of analysis about the risks associated with open data sets. Thought it might be of interest to Slashdot readers: 'This article is about a publicly available dataset of bicycle journey data that contains enough information to track the movements of individual cyclists across London, for a six month period just over a year ago.'"
