
Government

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations 89

Posted by Soulskill
from the i-don't-think-the-mr-magoo-routine-is-going-to-work dept.
Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.
Privacy

FBI Completes New Face Recognition System 115

Posted by Soulskill
from the they-know-what-you-did-last-summer dept.
Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizens' faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will log all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security: it can act as authentication and make sure the driver is paying attention to the road.
Cloud

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked 186

Posted by timothy
from the our-cooperation-was-strictly-reluctant dept.
Apple CEO Tim Cook insists that Apple doesn't read -- in fact, says Cook, cannot read -- users' emails, and that the company's iCloud service wasn't hacked. ZDNet presents highlights from Cook's lengthy, two-part interview with Charlie Rose. One selection of particular interest: Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email." Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides.
Australia

Quickflix Wants Netflix To Drop Australian VPN Users 164

Posted by timothy
from the all-we-want-is-a-captive-audience dept.
ashshy writes 200,000 Australian residents reportedly use Netflix today, tunneling their video traffic to the US, UK, and other Netflix markets via VPN connections. A proper Netflix Down Under service isn't expected to launch until 2015. Last week, Aussie video streaming company Quickflix told Netflix to stop this practice, so Australian viewers can return to Quickflix and other local alternatives. But Quickflix CEO Stephen Langsford didn't explain how Netflix could restrict Australian VPN users, beyond the IP geolocating and credit card billing address checks it already runs. Today, ZDNet's Josh Taylor ripped into the absurdity of Quickflix's demands. From the article: "If Netflix cuts those people off, they're going to know that it was at the behest of Foxtel and Quickflix, and would likely boycott those services instead of flocking to them. If nothing else, it would encourage those who have tried to do the right thing by subscribing and paying for content on Netflix to return to copyright infringement."
Australia

NSW Police Named as FinFisher Spyware Users 73

Posted by samzenpus
from the oh-watching-the-places-you'll-go dept.
Bismillah writes Wikileaks' latest release of documents shows that the Australian New South Wales police force has spent millions on licenses for the FinFisher set of law enforcement spy- and malware tools — and still has active licenses. What it uses FinFisher, which has been deployed against dissidents by oppressive regimes, for is yet to be revealed. NSW Police spokesperson John Thompson said it would not be appropriate to comment "given this technology relates to operational capability".
Businesses

Comcast Allegedly Asking Customers to Stop Using Tor 415

Posted by samzenpus
from the no-tor-for-you dept.
An anonymous reader writes Comcast agents have reportedly contacted customers who use Tor and said their service can get terminated if they don't stop using Tor. According to Deep.Dot.Web, one of those calls included a Comcast customer service agent who allegedly called Tor an “illegal service.” The Comcast agent told the customer that such activity is against usage policies. The Comcast agent then allegedly told the customer: "Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal. We have the right to terminate, fine, or suspend your account at any time due to you violating the rules. Do you have any other questions? Thank you for contacting Comcast, have a great day." Update: 09/15 18:38 GMT by S : Comcast has responded, saying they have no policy against Tor and don't care if people use it.
Government

New Details About NSA's Exhaustive Search of Edward Snowden's Emails 193

Posted by samzenpus
from the taking-a-good-look dept.
An anonymous reader points out this Vice story with new information about the NSA's search of Edward Snowden's emails. Last year, the National Security Agency (NSA) reviewed all of Edward Snowden's available emails in addition to interviewing NSA employees and contractors in order to determine if he had ever raised concerns internally about the agency's vast surveillance programs. According to court documents the government filed in federal court September 12, NSA officials were unable to find any evidence Snowden ever had.

In a sworn declaration, David Sherman, the NSA's associate director for policy and records, said the agency launched a "comprehensive" investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them. The investigation included searches of any records where emails Snowden sent raising concerns about NSA programs "would be expected to be found within the agency." Sherman, who has worked for the NSA since 1985, is an "original classification authority," which means he can classify documents as "top-secret" and process, review, and redact records the agency releases in response to Freedom of Information Act (FOIA) requests.

In his declaration, Sherman detailed steps he said agency officials took to track down any emails Snowden wrote that contained evidence he'd raised concerns inside the agency. Sherman said the NSA searched sent, received, and deleted emails from Snowden's account and emails "obtained by restoring back-up tapes." He noted that NSA officials reviewed written reports and notes from interviews with "NSA affiliates" with whom the agency spoke during its investigation.
United States

Treasure Map: NSA, GCHQ Work On Real-Time "Google Earth" Internet Observation 259

Posted by samzenpus
from the lets-see-what-you're-doing dept.
wabrandsma writes with the latest accusations about NSA spying activity in Germany. According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet.
Furthermore, every single end device that is connected to the Internet somewhere in the world — every smartphone, tablet and computer — is to be made visible. Such a map doesn't just reveal one treasure. There are millions of them. The breathtaking mission is described in a Treasure Map presentation from the documents of the former intelligence service employee Edward Snowden which SPIEGEL has seen. It instructs analysts to "map the entire Internet — Any device, anywhere, all the time." Treasure Map allows for the creation of an "interactive map of the global Internet" in "near real-time," the document notes. Employees of the so-called "FiveEyes" intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers. One can imagine it as a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.
United Kingdom

School Installs Biometric Fingerprint System For Cafeteria 230

Posted by samzenpus
from the paying-with-one-finger dept.
An anonymous reader writes with news about a school in England that has introduced a cashless cafeteria system that is raising some privacy concerns among some. Stourbridge students will soon be able to pay for their lunch without searching their pockets for change. Redhill School has spent £20,000 updating its dining facilities and introducing a cashless catering system. The system will allow parents to deposit funds into students' catering accounts, to be debited by the pupil's biometric fingerprint scan at the point of sale. Headteacher Stephen Dunster said: "The benefits are that pupils are less likely to lose cash, parents know their children are using their dinner money to buy nutritious food and there will also be a system to alert staff if students are purchasing food that they may be allergic to."
Government

NSA Metadata Collection Gets 90-Day Extension 73

Posted by Soulskill
from the you-can-trust-us-for-90-more-days dept.
schwit1 sends word that the Foreign Intelligence Surveillance Court has authorized a 90-day extension to the NSA's ability to collect bulk metadata about U.S. citizens' phone calls. In April, the House of Representatives passed a bill to limit the NSA's collection of metadata, but the Senate has been working on their version of the bill since then without yet voting on it. Because of this, and the alleged importance of continuing intelligence operations, the government sought a 90-day reauthorization of the current program. The court agreed. Senator Patrick Leahy said this clearly demonstrates the need to get this legislation passed. "We cannot wait any longer, and we cannot defer action on this important issue until the next Congress. This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy."
Privacy

Justice Sotomayor Warns Against Tech-Enabled "Orwellian" World 163

Posted by Soulskill
from the trading-privacy-for-convenience dept.
An anonymous reader writes: U.S. Supreme Court Justice Sonia Sotomayor spoke on Thursday to faculty and students at the University of Oklahoma City about the privacy perils brought on by modern technology. She warned that the march of technological progress comes with a need to enact privacy protections if we want to avoid living in an "Orwellian world" of constant surveillance. She said, "There are drones flying over the air randomly that are recording everything that's happening on what we consider our private property. That type of technology has to stimulate us to think about what is it that we cherish in privacy and how far we want to protect it and from whom. Because people think that it should be protected just against government intrusion, but I don't like the fact that someone I don't know can pick up, if they're a private citizen, one of these drones and fly it over my property."
AI

The Challenges and Threats of Automated Lip Reading 119

Posted by Soulskill
from the surgical-masks-become-high-fashion-in-2018 dept.
An anonymous reader writes: Speech recognition has gotten pretty good over the past several years. It's reliable enough to be ubiquitous in our mobile devices. But now we have an interesting, related dilemma: should we develop algorithms that can lip read? It's a more challenging problem, to be sure. Sounds can be translated directly into words, but deriving meaning out of the movement of a person's face is much more complex. "During speech, the mouth forms between 10 and 14 different shapes, known as visemes. By contrast, speech contains around 50 individual sounds known as phonemes. So a single viseme can represent several different phonemes. And therein lies the problem. A sequence of visemes cannot usually be associated with a unique word or sequence of words. Instead, a sequence of visemes can have several different solutions." Beyond the computational aspect, we also need to decide, as a society, if this is a technology that should exist. The privacy implications extend beyond that of simple voice recognition.
Crime

Turning the Tables On "Phone Tech Support" Scammers 208

Posted by timothy
from the mouthwatering-shadenfreude dept.
mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.
United States

U.S. Threatened Massive Fine To Force Yahoo To Release Data 223

Posted by timothy
from the your-government-at-work dept.
Advocatus Diaboli writes The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA's controversial PRISM program. The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government's demands. The company's loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the National Security Agency extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.
Iphone

Mining iPhones and iCloud For Data With Forensic Tools 85

Posted by Soulskill
from the security-through-panic-and-news-articles dept.
SternisheFan points out an article that walks us through the process of grabbing data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacker has possession of a target's iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone's security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone's data, or access to a computer that simply has stored credentials.

The discussion also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target's phone. The author concludes, "Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device."
Twitter

Laid Off From Job, Man Builds Tweeting Toilet 114

Posted by samzenpus
from the because-I-can dept.
dcblogs writes With parts from an electric motor, a few household items, an open-source hardware board running Linux, and some coding, Thomas Ruecker built a connected toilet that Tweets with each flush. The first reaction to the Twitter feed at @iotoilets may be a chuckle. But the idea behind this and what it illustrates is serious. It tracks water usage, offers a warning about the future of privacy in the Internet of Things, and may say something about the modern job hunt. Ruecker built his device on a recent long weekend after he was laid off as an open source evangelist at a technology firm undergoing "rightsizing," as he put it.
Microsoft

Microsoft Agrees To Contempt Order So It Can Appeal Email Privacy Case 122

Posted by Soulskill
from the fighting-the-privacy-fight dept.
An anonymous reader writes: Microsoft made news some weeks ago for refusing to hand over customer emails stored on its Dublin, Ireland servers to the U.S. government. The district judge presiding over the case agreed with the government and ordered Microsoft to comply with its demands. On Monday, Microsoft struck a deal with the U.S. government in which the company would be held on contempt charges but would not be penalized for it until after the outcome of an appeal. The district judge endorsed the agreement (PDF) on Thursday.
Networking

Device Boots Drones, Google Glass Off Wi-Fi 184

Posted by Soulskill
from the they-don't-want-your-kind-around-here dept.
An anonymous reader writes: Amid the backlash against spy-eye drones as well as wearable cameras like Google Glass, one company is building a device to fight back. The Cyborg Unplug actively scans for drones or Google Glass on a local wireless network and blocks their traffic. They're billing it as an "anti-surveillance system" and marketing it toward businesses, restaurants, and schools. They take pains to note that it's not a jammer, instead sending copies of a de-authentication packet usually sent by a router when it disconnects a device. The device can, however, force devices to disconnect from any network, which they warn may be illegal in some places.
Bitcoin

Paypal Jumps Into Bitcoin With Both Feet 134

Posted by timothy
from the in-for-penny dept.
retroworks (652802) writes The BBC, the Wall Street Journal, Bloomberg, Forbes and several other business sites are buzzing with Paypal's incorporation of Bitcoin transactions. According to Wired, Paypal will be "the best thing ever to happen to Bitcoin." Paypal-owned Braintree not only brings 150 million active users in close contact with Bitcoin, it signals "mainstreaming" similar to cell phone app banking, perceived as experimental just a few years ago.
The Internet

BBC: ISPs Should Assume VPN Users Are Pirates 362

Posted by Soulskill
from the arrr-me-hearties dept.
An anonymous reader sends this news from TorrentFreak: After cutting its teeth as a domestic broadcaster, the BBC is spreading its products all around the globe. Shows like Top Gear have done extremely well overseas and the trend of exploiting other shows in multiple territories is set to continue. As a result, the BBC is now getting involved in the copyright debates of other countries, notably Australia, where it operates four subscription channels. Following submissions from Hollywood interests and local ISPs, BBC Worldwide has now presented its own to the Federal Government. Its text shows that the corporation wants new anti-piracy measures to go further than ever before.

The BBC begins by indicating a preference for a co-operative scheme, one in which content owners and ISPs share responsibility to "reduce and eliminate" online copyright infringement. ... "Since the evolution of peer-to-peer software protocols to incorporate decentralized architectures, which has allowed users to download content from numerous host computers, the detection and prosecution of copyright violations has become a complex task. This situation is further amplified by the adoption of virtual private networks (VPNs) and proxy servers by some users, allowing them to circumvent geo-blocking technologies and further evade detection," the BBC explains.
