×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

  • FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

    gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."

    60 comments | 1 hour ago

  • 'Anonymized' Credit Card Data Not So Anonymous, MIT Study Shows

    schwit1 writes Scientists showed they can identify you with more than 90 percent accuracy by looking at just four purchases, three if the price is included — and this is after companies "anonymized" the transaction records, saying they wiped away names and other personal details. The study out of MIT, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people. "We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of the Massachusetts Institute of Technology, said in an email.

    32 comments | 2 hours ago

  • Mozilla Dusts Off Old Servers, Lights Up Tor Relays

    TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was a effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."

    58 comments | 5 hours ago

  • Snowden Documents: CSE Tracks Millions of Downloads Daily

    Advocatus Diaboli writes Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned. Details of the Communications Security Establishment project dubbed 'Levitation' are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News. Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.

    100 comments | yesterday

  • Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

    MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.

    189 comments | yesterday

  • Anonymous No More: Your Coding Style Can Give You Away

    itwbennett writes Researchers from Drexel University, the University of Maryland, the University of Goettingen, and Princeton have developed a "code stylometry" that uses natural language processing and machine learning to determine the authors of source code based on coding style. To test how well their code stylometry works, the researchers gathered publicly available data from Google's Code Jam, an annual programming competition that attracts a wide range of programmers, from students to professionals to hobbyists. Looking at data from 250 coders over multiple years, averaging 630 lines of code per author their code stylometry achieved 95% accuracy in identifying the author of anonymous code. Using a dataset with fewer programmers (30) but more lines of code per person (1,900), the identification accuracy rate reached 97%.

    216 comments | yesterday

  • Justice Department: Default Encryption Has Created a 'Zone of Lawlessness'

    Jason Koebler writes: Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is "very concerned" by the Google's and Apple's decision to automatically encrypt all data on Android and iOS devices.

    "We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we're prohibited from getting because of a company's technological choices.

    413 comments | yesterday

  • Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies

    Trailrunner7 writes Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)

    94 comments | 2 days ago

  • DEA Cameras Tracking Hundreds of Millions of Car Journeys Across the US

    itwbennett writes: A U.S. Drug Enforcement Administration program set up in 2008 to keep tabs on cars close to the U.S.-Mexican border has been gradually expanded nationwide and is regularly used by other law enforcement agencies in their hunt for suspects. The extent of the system, which is said to contain hundreds of millions of records on motorists and their journeys, was disclosed in documents obtained by the American Civil Liberties Union as part of a Freedom of Information Act request.

    152 comments | 2 days ago

  • EFF Unveils Plan For Ending Mass Surveillance

    An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.

    They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."

    279 comments | 2 days ago

  • Omand Warns of "Ethically Worse" Spying If Unbreakable Encryption Is Allowed

    Press2ToContinue writes In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Now, a former head of GCHQ, Sir David Omand has said: "One of the results of Snowden is that companies are now heavily encrypting [communications] end to end. Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work." According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. "You can say that will be more targeted but in terms of intrusion into personal privacy — collateral intrusion into privacy — we are likely to end up in an ethically worse position than we were before." That's remarkable for its implied threat: if you don't let us ban or backdoor strong encryption, we're going to start breaking into your homes.

    390 comments | 3 days ago

  • Ed Felten: California Must Lead On Cybersecurity

    An anonymous reader writes In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower. "What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy. From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing. Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.

    80 comments | 4 days ago

  • WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users

    BarbaraHudson writes WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be comprised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?

    192 comments | 5 days ago

  • China Cuts Off Some VPNs

    jaa101 writes The Register (UK) and the Global Times (China) report that foreign VPN services are unavailable in China. A quote sourced to "one of the founders of an overseas website which monitors the Internet in China" claimed 'The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it.' An upgrade of the Great Firewall of China is blamed and China appears to be backing the need for the move to maintain cyberspace sovereignty.

    214 comments | 5 days ago

  • Data Encryption On the Rise In the Cloud and Mobile

    dkatana writes: Overall, demand for encryption is growing. Cloud encryption services provider CipherCloud recently received a $50 million investment by Deutsche Telekom, which the company said positions it for "explosive growth" this year. The services are designed to allow corporations to benefit from the cost savings and elasticity of cloud-based data storage, while ensuring that sensitive information is protected.

    Now, both Apple and Google are providing full encryption as a default option on their mobile operating systems with an encryption scheme they are not able to break themselves, since they don't hold the necessary keys.

    Some corporations have gone as far as turning to "zero-knowledge" services, usually located in countries such as Switzerland. These services pledge that they have no means to unlock the information once the customer has entered the unique encryption keys. This zero-knowledge approach is welcomed by users, who are reassured that their information is impossible to retrieve — at least theoretically — without their knowledge and the keys.

    83 comments | about a week ago

  • Apple Agrees To Chinese Security Audits of Its Products

    itwbennett writes According to a story in the Beijing News, Apple CEO Tim Cook has agreed to let China's State Internet Information Office to run security audits on products the company sells in China in an effort to counter concerns that other governments are using its devices for surveillance. "Apple CEO Tim Cook agreed to the security inspections during a December meeting in the U.S. with information office director Lu Wei, according to a story in the Beijing News. China has become one of Apple’s biggest markets, but the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security, Lu told Cook, according to an anonymous source cited by the Beijing News."

    114 comments | about a week ago

  • Dish Network Violated Do-Not-Call 57 Million Times

    lightbox32 writes Dish Network has been found guilty of violating the Do Not Call list on 57 million separate occasions. They were also found liable for abandoning or causing telemarketers to abandon nearly 50 million outbound telephone calls, in violation of the abandoned-call provision of the Federal Trade Commission's Telemarketing Sales Rule. Penalties for infringing on the Do Not Call list can be up to a whopping $16,000 for each outbound call.

    246 comments | about a week ago

  • Calls For European ISPs To Filter Content Could Be Illegal

    jfruh writes Last week, justice ministers from EU countries called for ISPs to censor or block certain content in the "public interest." But a legal analysis shows that such moves could actually violate EU privacy laws, since it would inevitably involve snooping on the content of Internet traffic to see what should be blocked.

    60 comments | about a week ago

  • Healthcare.gov Sends Personal Data To Over a Dozen Tracking Websites

    An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.

    The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them. "

    204 comments | about a week ago

  • Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

    mi writes At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside. The device the Marshals Service and others are using, known as the Range-R, looks like a sophisticated stud-finder. Its display shows whether it has detected movement on the other side of a wall and, if so, how far away it is — but it does not show a picture of what's happening inside. The Range-R's maker, L-3 Communications, estimates it has sold about 200 devices to 50 law enforcement agencies at a cost of about $6,000 each. Other radar devices have far more advanced capabilities, including three-dimensional displays of where people are located inside a building, according to marketing materials from their manufacturers. One is capable of being mounted on a drone. And the Justice Department has funded research to develop systems that can map the interiors of buildings and locate the people within them.

    290 comments | about two weeks ago

Slashdot Login

Need an Account?

Forgot your password?