Forgot your password?
typodupeerror

Catch up on stories from the past week (and beyond) at the Slashdot story archive

Electronic Frontier Foundation

Hundreds of Police Agencies Distributing Spyware and Keylogger 37

Posted by Soulskill
from the you-can-trust-us dept.
realized sends this news from the EFF: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks,ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.

As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.
Communications

Hong Kong Protesters Use Mesh Networks To Organize 79

Posted by Soulskill
from the can't-stop-the-signal dept.
wabrandsma sends this article from New Scientist: Hong Kong's mass protest is networked. Activists are relying on a free app that can send messages without any cellphone connection. Since the pro-democracy protests turned ugly over the weekend, many worry that the Chinese government would block local phone networks. In response, activists have turned to the FireChat app to send supportive messages and share the latest news. On Sunday alone, the app was downloaded more than 100,000 times in Hong Kong, its developers said. FireChat relies on "mesh networking," a technique that allows data to zip directly from one phone to another via Wi-Fi or Bluetooth. Ordinarily, if two people want to communicate this way, they need to be fairly close together. But as more people join in, the network grows and messages can travel further. Mesh networks can be useful for people who are caught in natural disasters or, like those in Hong Kong, protesting under tricky conditions. FireChat came in handy for protesters in Taiwan and Iraq this year."
Music

Grooveshark Found Guilty of Massive Copyright Infringement 155

Posted by Soulskill
from the surprising-nobody dept.
An anonymous reader writes: If you're a Grooveshark user, you should probably start backing up your collection. In a decision (PDF) released Monday, the United States District Court in Manhattan has found Grooveshark guilty of massive copyright infringement based on a preponderance of internal emails, statements from former top executives, direct evidence from internal logs, and willfully deleted files and source code. An email from Grooveshark's CTO in 2007 read, "Please share as much music as possible from outside the office, and leave your computers on whenever you can. This initial content is what will help to get our network started—it’s very important that we all help out! ... Download as many MP3’s as possible, and add them to the folders you’re sharing on Grooveshark. Some of us are setting up special 'seed points' to house tens or even hundreds of thousands of files, but we can’t do this alone." He also threatened employees who didn't contribute.
Businesses

eBay To Spin Off PayPal 72

Posted by Soulskill
from the watch-out-for-the-chargeback dept.
In 2002, eBay bought PayPal for $1.5 billion in stock. Nowadays, PayPal's yearly revenues exceed $7 billion, and investors are worried that eBay and PayPal together are too big to compete effectively. (They're also too big to be acquired, which is on their minds after the ludicrously successful Alibaba IPO.) To solve that problem, eBay today announced it will be spinning off PayPal in 2015, creating two separate publicly traded companies. eBay's current CEO is stepping down, and each of the companies will have a new CEO. "As part of the separation, eBay and PayPal will sign arm’s length commercial operating agreements to work together, with payments on both sides for various referrals and services. That’s no surprise since about 30 percent of PayPal’s business is still on eBay, although that is down from 50 percent only a few years ago."
Media

Matchstick and Mozilla Take On Google's Chromecast With $25 Firefox OS Dongle 101

Posted by timothy
from the what-can-it-slurp dept.
An anonymous reader writes Matchstick and Mozilla today announced their open-source take on the Chromecast: a $25 Firefox OS-powered HDMI dongle. The streaming Internet and media stick will be available first through Kickstarter, in the hopes to drive down the price tag. Jack Chang, Matchstick General Manager in the US, described the device to me as "essentially an open Chromecast." He explained that while the MSRP is $25 (Google's Chromecast retails for $35), the Kickstarter campaign is offering a regular price of $18, and an early bird price of $12.
The Internet

Analyzing Silk Road 2.0 68

Posted by Soulskill
from the welcome-to-narcoanalytics dept.
An anonymous reader writes: After a recent article about breaking the CAPTCHA on the latest incarnation of Silk Road (the darknet-enabled drug market place), Darryl Lau decided to investigate exactly what narcotics people were buying and selling online. He found roughly 13,000 separate listings. Some sellers identify the country they're in, and the top six are the U.S., Australia, England, Germany, and the Netherlands, and Canada. The site also has a bunch of product reviews. If you assume that each review comes from a sale, and multiply that by the listed prices, reviewed items alone represent $20 million worth of business. Lau also has some interesting charts, graphs, and assorted stats. MDMA is the most listed and reviewed drug, and sellers are offering it in quantities of up to a kilogram at a time. The average price for the top 1000 items is $236. Prescription drugs represent a huge portion of the total listings, though no individual prescription drugs have high volume on their own.
Security

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers 28

Posted by Soulskill
from the definitely-totally-detects-fbi-malware-totally-definitely dept.
Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses.Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.
Cloud

CloudFlare Announces Free SSL Support For All Customers 66

Posted by Soulskill
from the big-step-in-the-right-direction dept.
Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.
Encryption

Tor Executive Director Hints At Firefox Integration 108

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
United Kingdom

Piracy Police Chief Calls For State Interference To Stop Internet "Anarchy" 298

Posted by samzenpus
from the lock-it-down dept.
An anonymous reader writes The City of London Police's Intellectual Property Crime Unit (PIPCU) is determined to continue its anti-piracy efforts in the years to come. However, the unit's head, Andy Fyfe, also believes that the government may have to tighten the rules on the Internet to stop people from breaking the law. PIPCU's chief believes the public has to be protected from criminals, including pirate site operators who take advantage of their trust. If that doesn't happen, then the Internet may descend into anarchy, he says, suggesting that the government may have to intervene to prevent this. The Police chief believes tighter rules may be needed to prevent people from breaking the law in the future. This could mean not everyone is allowed to launch a website, but that a license would be required, for example.
United States

FCC To Rule On "Paid Prioritization" Deals By Internet Service Providers 125

Posted by samzenpus
from the highest-bidder dept.
An anonymous reader writes "After a record 3.7 million public comments on net neutrality, the FCC is deciding if the company that supplies your internet access should be allowed to make deals with online services to move their content faster. The FCC's chairman Tom Wheeler says financial arrangements between providers and content sites might be OK if the agreement is "commercially reasonable" and companies say publicly how they prioritize traffic. Many disagree, saying this sets up an internet for the highest bidder. "If Comcast and Time Warner – who already have a virtual monopoly on Internet service – have the ability to manage and manipulate Internet speeds and access to benefit their own bottom line, they will be able to filter content and alter the user experience," said Barbara Ann Luttrell, 26, of Atlanta, in a recent submission to the FCC."
The Internet

World's Smallest 3G Module Will Connect Everything To the Internet 117

Posted by samzenpus
from the get-connected dept.
jfruh writes The U-blox SARA-U260 chip module is only 16 by 26 millimeters — and it's just been certified to work with AT&T's 3G network. While consumers want 4G speeds for their browsing needs, 3G is plenty fast for the innumerable automated systems that will be necessary for the Internet of Things to work. From the article: "The U-blox SARA-U260 module, which measures 16 by 26 millimeters, can handle voice calls. But it's not designed for really small phones for tiny hands. Instead, it's meant to carry the small amounts of data that machines are sending to each other over the 'Internet of things,' where geographic coverage -- 3G's strong suit -- matters more than top speed. That means things like electric meters, fitness watches and in-car devices that insurance companies use to monitor policyholders' driving."
Cellphones

When Everything Works Like Your Cell Phone 171

Posted by Soulskill
from the looking-forward-to-jailbreaking-my-breadmaker dept.
The Atlantic is running an article about how "smart" devices are starting to see everyday use in many people's home. The authors say this will fundamentally change the concept of what it means to own and control your possessions. Using smartphones as an example, they extrapolate this out to a future where many household items are dependent on software. Quoting: These phones come with all kinds of restrictions on their possible physical capabilities. You may not take them apart. Depending on the plan, not all software can be downloaded onto them, not every device can be tethered to them, and not every cell phone network can be tapped. "Owning" a phone is much more complex than owning a plunger. And if the big tech players building the wearable future, the Internet of things, self-driving cars, and anything else that links physical stuff to the network get their way, our relationship to ownership is about to undergo a wild transformation. They also suggest that planned obsolescence will become much more common. For example, take watches: a quality dumbwatch can last decades, but a smartwatch will be obsolete in a few years.
Yahoo!

Yahoo Shuttering Its Web Directory 115

Posted by Soulskill
from the 27-people-are-going-to-be-very-upset-to-hear-this dept.
An anonymous reader writes You may or may not remember this, but before the advent of reliable search engines, web listings used to be a popular way to organize the web. Yahoo had one of the more popular hierarchical website directories around. On Friday, as part of its on-going streamlining process, Yahoo announced that their 20-year-old web directory will be no more: "While we are still committed to connecting users with the information they're passionate about, our business has evolved and at the end of 2014 (December 31), we will retire the Yahoo Directory."
Security

Security Collapse In the HTTPS Market 185

Posted by Soulskill
from the many-points-of-failure dept.
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.
The Internet

BT and Coke To Offer Free Rural Wi-Fi In South Africa Through Vending Machines 71

Posted by samzenpus
from the have-some-internet dept.
An anonymous reader writes "BT Global Services is installing free Wi-Fi access points in Coca-Cola vending machines in rural parts of South Africa. "South African consumers will soon be able to quench their thirst and check their e-mail at the same time. Coca-Cola and BT Global Services have announced plans to offer free Wi-Fi Internet access in impoverished communities using Coke’s vending machines. BT – formerly British Telecom – will provide connectivity, support and business training as part of the roll-out. The pilot project has been launched in the rural Eastern Cape and in rural Mpumalanga. Sites were chosen for their accessibility to local communities, the companies said."
Mars

Indian Mars Mission Beams Back First Photographs 113

Posted by samzenpus
from the worth-a-thousand-words dept.
astroengine writes India's Mars Orbiter Mission (MOM) got straight to work as it closed in on Martian orbit on Tuesday — it began taking photographs of the Red Planet and its atmosphere and surface as it slowed down to reach its ultimate destination. After a two day wait, those first images are slowly trickling onto the Internet.
Botnet

First Shellshock Botnet Attacking Akamai, US DoD Networks 236

Posted by samzenpus
from the that-didn't-take-very-long dept.
Bismillah writes The Bash "Shellshock" bug is being used to spread malware to create a botnet, that's active and attacking Akamai and Department of Defense networks. "The 'wopbot' botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence, chief executive of Italian security consultancy Tiger Security, Emanuele Gentili, told iTnews. 'We have found a botnet that runs on Linux servers, named “wopbot", that uses the Bash Shellshock bug to auto-infect other servers,' Gentili said."
OS X

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild 317

Posted by timothy
from the oy-oy-oy dept.
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.
Communications

Facebook To Start Testing Internet-Beaming Drones In 2015 42

Posted by timothy
from the don't-worry-that's-next-year dept.
Zothecula writes There was an understandable amount of skepticism when Amazon announced its grand plans for delivery drones last year. But if the last twelve months are any indication, Jeff Bezos and his fellow tech heavyweights are actually kinda serious about the potential of unmanned aerial vehicles. Speaking at the Social Good Summit in New York on Monday, engineering director at Facebook Connectivity Lab, Yael Maguire, has further detailed the company's vision of internet-carrying drones, with plans to begin testing in 2015.

I use technology in order to hate it more properly. -- Nam June Paik

Working...