Encryption

Tor Browser Security Under Scrutiny 80

Posted by Soulskill
from the shouldn't-we-be-funding-this-better dept.
msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.
Cellphones

Your Phone Can Be Snooped On Using Its Gyroscope 94

Posted by Unknown Lamer
from the phone-can-be-snooped-on-by-everything dept.
stephendavion (2872091) writes Researchers will demonstrate the process used to spy on smartphones using gyroscopes at the Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at the Usenix Security event on August 22, 2014. According to the "Gyrophone: Recognizing Speech From Gyroscope Signals" study, the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones.
Government

German Intelligence Spying On Allies, Recorded Kerry, Clinton, and Kofi Annan 168

Posted by Soulskill
from the turnabout-is-fairly-played-out dept.
cold fjord writes: According to Foreign Policy, "The revelation that Germany spies on Turkey, a NATO member, should dispel any notion that spying on allies violates the unwritten rules of international espionage. ... For nearly a year, the extent of NSA surveillance on German leaders ... has drawn stern rebuke from the German political and media establishment. ... Merkel went so far as to publicly oust the CIA station chief in Berlin. 'Spying among friends is not at all acceptable,' Merkel said. ... [C]alls made by Secretary of State John Kerry and former Secretary of State Hillary Clinton were accidentally recorded. ... 'It's a kind of delightful revelation given the fact that the Germans have been on their high horse.' Christian Whiton, a former ... State Department senior advisor, added that the report on German spying is a perfect example of why rifts over intelligence among allies should be handled quietly and privately." The Wall Street Journal adds, "Cem Özdemir, the head of the Green party and a leading German politician of Turkish descent, told Spiegel Online it would be 'irresponsible' for German spies not to target Turkey given its location as a transit country for Islamic State militants from Europe." Further details at Spiegel Online and The Wall Street Journal.
Crime

Phoenix Introduces Draft Ordinance To Criminalize Certain Drone Uses 194

Posted by Soulskill
from the no-using-drones-to-attack-mexico dept.
Fubar writes: Two city council members from Phoenix, AZ are introducing "draft language" for public discussion that would make it illegal to use a drone to film people without their knowledge. The council members are worried about privacy of people in their own yards, even including the requirement that law enforcement obtain a warrant for drone surveillance. A violation of the ordinance would be a Class 1 misdemeanor, which carries up to a $2,500 fine and six months in jail.
China

Why Chinese Hackers Would Want US Hospital Patient Data 166

Posted by timothy
from the makes-great-gift-wrapping-too dept.
itwbennett (1594911) writes In a follow-up to yesterday's story about the Chinese hackers who stole hospital data of 4.5 million patients, IDG News Service's Martyn Williams set out to learn why the data, which didn't include credit card information, was so valuable. The answer is depressingly simple: people without health insurance can potentially get treatment by using medical data of one of the hacking victims. John Halamka, chief information officer of the Beth Israel Deaconess Medical Center and chairman of the New England Healthcare Exchange Network, said a medical record can be worth between $50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password. "If I am one of the 50 million Americans who are uninsured ... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details," he said.
Security

Hackers Steal Data Of 4.5 Million US Hospital Patients 111

Posted by Unknown Lamer
from the security-through-whoops dept.
itwbennett (1594911) writes Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place. Working with a computer security company, it determined the attack was carried out by a group based in China that used 'highly sophisticated malware' to attack its systems. The hackers got away with patient names, addresses, birthdates, telephone numbers and Social Security numbers of the 4.5 million people who were referred to or received services from doctors affiliated with the company in the last five years. The stolen data did not include patient credit card, medical, or clinical information.
Electronic Frontier Foundation

EFF's Cell Phone Guide For US Protesters 82

Posted by Soulskill
from the do-not-use-your-cell-phone-as-a-projectile-weapon dept.
An anonymous reader writes: The Electronic Frontier Foundation has updated its guide for protecting yourself and your cell phone at a protest. In addition to being extremely powerful tools (real-time communication to many watchers via social media, and video recording functionality), cell phones can also give authorities a lot of information about you if they confiscate it. The EFF is trying to encourage cell phone use and prepare people to use them. (The guide is based on U.S. laws, but much of the advice makes sense for other places as well.) Here are a few small snippets: "Start using encrypted communications channels. Text messages, as a rule, can be read and stored by your phone company or by surveillance equipment in the area. ... If the police ask to see your phone, tell them you do not consent to the search of your device. Again, since the Supreme Court's decision in Riley, there is little question that officers need a warrant to access the contents of your phone incident to arrest, though they may be able to seize the phone and get a warrant later. ... If your phone or electronic device was seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned."
China

Apple Begins Storing Chinese User Data On Servers In China 92

Posted by timothy
from the eat-local-and-store-data-there-too dept.
An anonymous reader writes Reuters reported on Friday that Apple "has begun keeping the personal data of some Chinese users on servers in mainland China." Apple has claimed that the move is meant "to improve the speed and reliability of its iCloud service", but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics. Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore. Only time will tell if Apple will be able to resist Chinese government requests to access its China-based servers.
United States

How Drones Entered the FBI's Spying Toolkit 39

Posted by samzenpus
from the eye-in-the-sky dept.
Jason Koebler writes The FBI has had an eager eye on surveillance drones since first experimenting with remote control airplanes in 1995. But budget cuts nearly ended the Bureau's unmanned machinations in 2010, and it took a dedicated push aimed at making drones "a tool the FBI cannot do without" to cement their place in the FBI's surveillance toolkit. The near termination—and subsequent expansion—of the FBI's drone program over the past four years is chronicled in hundreds of heavily-redacted pages released under a lawsuit filed by Citizens for Responsibility and Ethics in Washington over the past several months.
Google

Google Expands Safe Browsing To Block Unwanted Downloads 105

Posted by timothy
from the now-you-can-turn-off-adblock dept.
An anonymous reader writes "Google today announced it is expanding its Safe Browsing service to protect users against malware that makes unexpected changes to your computer. Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software. In the case of malware, PUA stands for Potentially Unwanted Application, which is also sometimes called Potentially Unwanted Program or PUP. In short, the broad terms encompass any downloads that the user does not want, typically because they display popups, show ads, install toolbars in the default browser, change the homepage or the search engine, run several processes in the background that slow down the PC, and so on."
Communications

Ryan Lackey, Marc Rogers Reveal Inexpensive Tor Router Project At Def Con 38

Posted by timothy
from the widespread-and-easy-are-tightly-linked dept.
An anonymous reader writes Ryan Lackey of CloudFlare and Marc Rogers of Lookout revealed a new OPSEC device at Def Con called PORTAL (Personal Onion Router to Assure Liberty). It "provides always-on Tor routing, as well as 'pluggable' transport for Tor that can hide the service's traffic signature from some deep packet inspection systems." In essence, PORTAL is a travel router that the user simply plugs into their existing device for more than basic Tor protection (counterpoint to PogoPlug Safeplug and Onion Pi). On the down side, you have to download PORTAL from Github and flash it "onto a TP-Link compatible packet router." The guys behind the device acknowledge that not many people may want to (or even know how to) do that, so they're asking everyone to standby because a solution is pending. The project's GitHub page has a README file that lists compatible models, with some caveats: "It is highly recommended to use a modified router. The modified MR11U and WR703N provide a better experience than the stock routers due to the additional RAM. The severe space constraints of the stock router make them very challenging to work with. Due to the lack of usable space, it is necessary to use an external disk to store the Tor packages. The stock router has only a single USB port, and the best option is to use a microSD in a 3G modem." (Note: Lackey is no stranger to helping people secure internet privacy.)
United States

DEA Paid Amtrak Employee To Pilfer Passenger Lists 127

Posted by Unknown Lamer
from the have-to-break-the-law-to-protect-the-law dept.
Via Ars Technica comes news that an Amtrak employee was paid nearly $900,000 over the last ten years to give the DEA passenger lists outside of normal channels. Strangely enough, the DEA already had access to such information through official channels. From the article: The employee, described as a "secretary to a train and engine crew" in a summary obtained by the AP, was selling the customer data without Amtrak's approval. Amtrak and other transportation companies collect information from their customers including credit card numbers, travel itineraries, emergency contact info, passport numbers, and dates of birth. When booking tickets online in recent years, Amtrak has also collected phone numbers and e-mail addresses. ... Amtrak has long worked closely with the DEA to track drug trafficking activity on its train lines. The Albuquerque Journal reported in 2001 that "a computer with access to Amtrak's ticketing information sits on a desk in the [DEA]'s local office," wrote the ACLU.
Security

Silent Circle's Blackphone Exploited at Def Con 46

Posted by timothy
from the outharshing-one-another dept.
Def Con shows no mercy. As gleefully reported by several BlackBerry-centric sites, researcher Justin Case yesterday demonstrated that he could root the much-heralded Blackphone in less than five minutes. From n4bb.com's linked report: "However, one of the vulnerabilities has already been patched and the other only exploitable with direct user consent. Nevertheless, this only further proves you cannot add layers of security on top of an underlying platform with security vulnerabilities." Case reacts via Twitter to the crowing: "Hey BlackBerry idiots, stop misquoting me on your blogs. Your phone is only "secure" because it has few users and little value as a target."
Cellphones

F-Secure: Xiaomi Smartphones Do Secretly Steal Your Data 164

Posted by timothy
from the they're-just-making-a-copy dept.
They may be well reviewed and China's new top selling phone, but reader DavidGilbert99 writes with reason to be cautious about Xiaomi's phones: Finnish security firm F-Secure has seemingly proven that Xiaomi smartphones do in fact upload user data without their permission/knowledge despite the company strongly denying these allegations as late as 30 July. Between commercial malware and government agencies, how do you keep your phone's data relatively private?
Privacy

John McAfee Airs His Beefs About Privacy In Def Con Surprise Talk 124

Posted by timothy
from the now-take-larry-ellison dept.
John McAfee made a surprise appearance at Def Con to talk about privacy: he's for it. Trouble is, he says, lots of companies feel otherwise, and he took the stage to single out "don't be evil" Google: “Google, or at least certain people within Google, I will not mention names because I am not a rude gentleman, would like us to believe that if we have nothing to hide, we should not mind if everybody knows everything that we do,” he said from the podium. “I have to take serious issue with that.” The BBC has video. McAfee also announced his new complaints website, The Brown List. (Good usernames are still available, and your complaint can be about anything, not just privacy violations by humongous corporations.)
United States

Leaked Docs Show Spyware Used To Snoop On US Computers 135

Posted by timothy
from the who's-zoomin'-who dept.
Advocatus Diaboli writes Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
Censorship

Russia Cracks Down On Public Wi-Fi; Oracle Blocks Java Downloads In Russia 254

Posted by timothy
from the interesting-times dept.
Linking to a story at Reuters, reader WilliamGeorge writes "Russia is further constraining access to the internet and freedom of speech, with new laws regarding public use of WiFi. Nikolai Nikiforov, the Russian Communications Minister, tweeted that "Identification of users (via bank cards, cell phone numbers, etc.) with access to public Wifi is a worldwide practice." This comes on top of their actions recently to block websites of political opponents to Russian president Vladimir Putin, require registration of prominent bloggers, and more. The law was put into effect with little notice and without the input of Russian internet providers. Sergei Plugotarenko, head of the Russian Electronic Communications Association, said "It was unexpected, signed in such a short time and without consulting us." He added, "We will hope that this restrictive tendency stops at some point because soon won't there be anything left to ban." In addition to the ID requirement to use WiFi, the new law also requires companies to declare who is using their web networks and calls for Russian websites to store their data on servers located in Russia starting in 2016." That's not the only crackdown in progress, though: former Slashdot code-wrestler Vlad Kulchitski notes that Russian users are being blocked from downloading Java with an error message that reads, in essence, "You are in a country on which there is embargo; you cannot download JAVA." Readers at Hacker News note the same, though comments there indicate that the block may rely on a "specific and narrow IP-block," rather than being widespread. If you're reading this from Russia, what do you find?
United Kingdom

UK Police Won't Comment On The Tracking of People's Phone Calls 52

Posted by samzenpus
from the ask-me-that-later dept.
Daniel_Stuckey writes You've maybe heard a bit about Stingray. Over the past couple of years, it has emerged that police forces in the US have been using the powerful surveillance tool, which tricks phones into connecting to a dragnet, to track mobile devices, and intercept calls and text messages. Meanwhile, the London Metropolitan Police Service (MPS) continue to remain tight lipped about their use of the technology, leaving citizens in the dark on what privacy protections, if any, are in place for those who may get swept up by the broad surveillance techniques.
Government

Snowden Granted 3 More Years of Russian Residency 266

Posted by timothy
from the backwards-world dept.
SiggyRadiation writes Edward Snowden is allowed to stay in Russia for three more years. According to the NYPost: "His lawyer, Anatoly Kucherena, was quoted by Russian news agencies on Thursday as saying Snowden now has been granted residency for three more years, but that he had not been granted political asylum. That status, which would allow him to stay in Russia permanently, must be decided by a separate procedure, Kucherena said, but didn't say whether Snowden is seeking it." The question that remains, of course, is did the Russians use this as leverage over him to get to more information or influence him? Or is the positive PR in itself enough for the Russians in the current climate of tensions and economic sanctions relating to the Ukraine crisis?
United Kingdom

City of London Police Take Down Proxy Service Over Piracy Concerns 133

Posted by samzenpus
from the shutting-it-down dept.
Mr_Silver writes TorrentFreak is reporting that the City of London Police (a private police force in government-backed livery with an authority that does not go beyond the corporate-controlled City of London area — so not to be confused with the Metropolitan Police) has seized control of a number of domains including Immunicity, a general proxy server that was set up as a censorship circumvention tool. This appears to be their next step after placing banner adverts on websites.
