RobinH writes: Our small-ish municipality (between 10,000 to 15,000 in population) has recently decided to switch to online voting. I should note that they were previously doing voting-by-mail. I have significant reservations about online voting, particularly the possibility of vote-selling and the general lack of voter secrecy, not to mention the possible lack of computer security. However, it's only a municipal election, and apparently a lot of municipalities around here are already doing online voting. I'm not sure if the rank-and-file citizens care, or if they would listen to my concerns. Should I bother speaking up, or should I ignore it since municipal elections are not that important anyway?
Nicola Hahn (1482985) writes Despite the long line of covert operations that Ed Snowden's documents have exposed, public outcry hasn't come anywhere near the level of social unrest that characterized the 1960s. Journalists like Conor Friedersdorf have suggested that one explanation for this is that the public is "informed by a press that treats officials who get caught lying and misleading (e.g., James Clapper and Keith Alexander) as if they're credible."
Certainly there are a number of well-known popular venues which offer a stage for spies to broadcast their messages from while simultaneously claiming to "cultivate conversations among all members of the security community, both public and private." This year, for instance, Black Hat USA will host Dan Greer (the CISO of In-Q-Tel) as a keynote speaker.
But after all of the lies and subterfuge is it even constructive to give voice to the talking points of intelligence officials? Or are they just muddying the water? As one observer put it, "high-profile members of the intelligence community like Cofer Black, Shawn Henry, Keith Alexander, and Dan Greer are positioned front and center in keynote slots, as if they were glamorous Hollywood celebrities. While those who value their civil liberties might opine that they should more aptly be treated like pariahs."
An anonymous reader writes with a bit of pith from TechDirt: Every so often, people who don't really understand the importance of anonymity or how it enables free speech (especially among marginalized people), think they have a brilliant idea: "just end real anonymity online." They don't seem to understand just how shortsighted such an idea is. It's one that stems from the privilege of being in power. And who knows that particular privilege better than members of the House of Lords in the UK — a group that is more or less defined by excess privilege? The Communications Committee of the House of Lords has now issued a report concerning "social media and criminal offenses" in which they basically recommend scrapping anonymity online.
Bruce66423 (1678196) writes with this story from the Guardian: The director of the Central Intelligence Agency, John Brennan, issued an extraordinary apology to leaders of the US Senate intelligence committee on Thursday, conceding that the
agency employees spied on committee staff and reversing months of furious and public denials. Brennan acknowledged that an internal investigation had found agency security personnel transgressed a firewall set up on a CIA network, called RDINet, which allowed Senate committee investigators to review agency documents for their landmark inquiry into CIA torture." (Sen. Diane Feinstein was one of those vocally accusing the CIA of spying on Congress; Sen. Bernie Sanders has raised a similar question about the NSA.)
DroidJason1 writes The Chinese government is investigating Microsoft for possible breaches of anti-monopoly laws, following a series of surprise visits to Redmond's offices in cities across China on Monday. These surprise visits were part of China's ongoing investigation [warning: WSJ paywall], and were based on security complaints about Microsoft's Windows operating system and Office productivity suite. Results from an earlier inspection apparently were not enough to clear Microsoft of suspicion of anti-competitive behavior. Microsoft's alleged anti-monopoly behavior is a criminal matter, so if found guilty, the software giant could face steep fines as well as other sanctions.
An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.
Lucas123 writes: The Alliance of Artists and Recording Companies is suing Ford and General Motors for millions of dollars over alleged copyrights infringement violations because their vehicles' CD players can rip music to infotainment center hard drives. The AARC claims in its filing (PDF) that the CD player's ability to copy music violates the Audio Home Recording Act of 1992. The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material. For example, Ford's owner's manual explains, "Your mobile media navigation system has a Jukebox which allows you to save desired tracks or CDs to the hard drive for later access. The hard drive can store up to 10GB (164 hours; approximately 2,472 tracks) of music." The AARC wants $2,500 for each digital audio recording device installed in a vehicle, the amount it says should have been paid in royalties.
An anonymous reader writes: Every time a city- or state-wide disaster strikes, services to help the victims slowly crop up over the following days and weeks. Sometimes they work well, sometimes they don't. Today, city officials in San Francisco and Portland announced a partnership with peer-to-peer lodging service Airbnb to work out some disaster-preparedness plans ahead of time. Airbnb will locate hosts in these cities who will commit to providing a place to stay for people who are displaced in a disaster, and then set up alerts and notifications to help people find these hosts during a crisis. The idea is that if wildfires or an earthquake forces thousands of people to evacuate their homes, they can easily be absorbed into an organized, distributed group of willing hosts, rather than being shunted to one area and forced to live in a school gymnasium or something similar.
An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."
redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter."
mrspoonsi (2955715) writes "The City of London police has started placing banner advertisements on websites believed to be offering pirated content illegally. The messages, which will appear instead of paid-for ads, will ask users to close their web browsers. The move comes as part of a continuing effort to stop piracy sites from earning money through advertising. Police said the ads would make it harder for piracy site owners to make their pages look authentic. "When adverts from well known brands appear on illegal websites, they lend them a look of legitimacy and inadvertently fool consumers into thinking the site is authentic," said Detective Chief Inspector Andy Fyfe from the City of London Police Intellectual Property Crime Unit (Pipcu). "This new initiative is another step forward for the unit in tackling IP crime and disrupting criminal profits. "Copyright infringing websites are making huge sums of money though advert placement, therefore disrupting advertising on these sites is crucial and this is why it is an integral part of Operation Creative.""
With recent news that Facebook altered users' feeds as part of a psychology experiment, OKCupid has jumped in and noted that they too have altered their algorithms and experimented with their users (some unintentional) and "if you use the Internet, you’re the subject of hundreds of experiments at any given time, on every site. That’s how websites work." Findings include that removing pictures from profiles resulted in deeper conversations, but as soon as the pictures returned appearance took over; personality ratings are highly correlated with appearance ratings (profiles with attractive pictures and no other information still scored as having a great personality); and that suggesting a bad match is a good match causes people to converse nearly as much as ideal matches would.
Jason Koebler (3528235) writes In the months and weeks leading up to a referendum vote that would have established a locally owned fiber network in three small Illinois cities, Comcast and SBC (now AT&T) bombarded residents and city council members with disinformation, exaggerations, and outright lies to ensure the measure failed. The series of two-sided postcards painted municipal broadband as a foolhardy endeavor unfit for adults, responsible people, and perhaps as not something a smart woman would do. Municipal fiber was a gamble, a high-wire act, a game, something as "SCARY" as a ghost. Why build a municipal fiber network, one asked, when "internet service [is] already offered by two respectable private businesses?" In the corner, in tiny print, each postcard said "paid for by SBC" or "paid for by Comcast."
The postcards are pretty absurd and worth a look.
UrsaMajor987 (3604759) writes I have a Asus Transformer tablet that I dropped on the floor. There is no obvious sign of damage but It will no longer boot. Good excuse to get a newer model. I intend to sell it for parts (it comes with an undamaged keyboard) or maybe just toss it. I want to remove all my personal data. I removed the flash memory card but what about the other storage? I know how to wipe a hard drive, but how do you wipe a tablet? If you were feeling especially paranoid, but wanted to keep the hardware intact for the next user, what would you do?
SonicSpike points out an article from the Pew Charitable Trusts' Research & Analysis department on the legislation and regulation schemes emerging in at least a few states in reaction to the increasing use of digital currencies like Bitcoin. A working group called the Conference of State Bank Supervisors’ Emerging Payments Task Force has been surveying the current landscape of state rules and approaches to digital currencies, a topic on which state laws are typically silent.
In April, the task force presented a model consumer guidance to help states provide consumers with information about digital currencies. A number of states, including California, Massachusetts and Texas, have issued warnings to consumers that virtual currencies are not subject to “traditional regulation or monetary policy,” including insurance, bonding and other security measures, and that values can fluctuate dramatically. ...
The article focuses on the high-population, big-economy states of New York, California and Texas, with a touch of Kansas -- but other states are sure to follow. Whether you live in the U.S. or not, are there government regulations that you think would actually make sense for digital currencies?
itwbennett (1594911) writes "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post."
hypnosec writes with news that India's Central Bureau of Investigation has ordered a preliminary enquiry (PE) against Google for violating Indian laws by mapping sensitive areas and defence installations in the country. As per the PE, registered on the basis of a complaint made by the Surveyor General of India's office to the Union Home Ministry, Google has been accused of organizing a mapping competition dubbed 'Mapathon' in February-March 2013 without taking prior permission from Survey of India, country's official mapping agency. The mapping competition required citizens to map their neighbourhoods, especially details related to hospitals and restaurants. The Survey of India (SoI), alarmed by the event, asked the company to share its event details. While going through the details the watchdog found that there were several coordinates having details of sensitive defence installations which are out of the public domain."