Forgot your password?
typodupeerror

Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

Crime

CEO of Spyware Maker Arrested For Enabling Stalkers 135

Posted by Soulskill
from the reaping-what-you-sow dept.
An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."
Privacy

Medical Records Worth More To Hackers Than Credit Cards 70

Posted by samzenpus
from the pills-please dept.
HughPickens.com writes Reuters reports that your medical information, including names, birth dates, policy numbers, diagnosis codes and billing information, is worth 10 times more than your credit card number on the black market. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations. Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, says Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. He obtained the data by monitoring underground exchanges where hackers sell the information. Plus "healthcare providers and hospitals are just some of the easiest networks to break into," says Jeff Horne. "When I've looked at hospitals, and when I've talked to other people inside of a breach, they are using very old legacy systems — Windows systems that are 10 plus years old that have not seen a patch."
Facebook

Facebook's Atlas: the Platform For Advertisers To Track Your Movements 68

Posted by samzenpus
from the like-a-puppy-nobody-wants dept.
An anonymous reader writes In its most direct challenge to Google yet, Facebook plans to sell ads targeted to its 1.3 billion users when they are elsewhere on the Web. The company is rolling out an updated version of Atlas that will direct ads to people on websites and mobile apps. From the article: "The company said Atlas has been rebuilt 'from the ground up' to cater for today's marketing needs, such as 'reaching people across devices and bridging the gap between online impressions and offline purchases.'"
EU

EU Gives Google Privacy Policy Suggestions About Data Protection 42

Posted by samzenpus
from the do-it-this-way dept.
itwbennett writes In a letter to Google (PDF) that was published Thursday, the Article 29 Working Party, an umbrella group for European data protection authorities, said Google's privacy policy, in addition to being clear and unambiguous, should also include an exhaustive list of the types of personal data processed. But if all that information is overwhelming to users, Google should personalize the privacy policy to show users only the data processing it is performing on their data.
Businesses

How the NSA Profits Off of Its Surveillance Technology 82

Posted by Soulskill
from the i'm-guessing-ebay dept.
blottsie writes: The National Security Agency has been making money on the side by licensing its technology to private businesses for more than two decades. It's called the Technology Transfer Program, under which the NSA declassifies some of its technologies that it developed for previous operations, patents them, and, if they're swayed by an American company's business plan and nondisclosure agreements, rents them out. The products include tools to transcribe voice recordings in any language, a foolproof method to tell if someone's touched your phone's SIM card, or a version of email encryption that isn't available on the open market.
Transportation

2015 Corvette Valet Mode Recorder Illegal In Some States 266

Posted by Soulskill
from the unless-you're-the-nsa dept.
innocent_white_lamb writes: The 2015 Corvette has a Valet Mode that records audio and video when someone other than the owner is driving the car. Activating the Valet Mode allows you to record front-facing video as well as capture audio from within the car so you can help keep your Corvette safe when it's in the hands of others. Well, it turns out that recording audio from within the car may be considered a felony in some states that require notice and consent to individuals that they are being recorded. Now GM is sending notices out to dealerships and customers alerting them to this fact as well as promising a future update to the PDR system.
Encryption

FBI Chief: Apple, Google Phone Encryption Perilous 353

Posted by samzenpus
from the lock-it-down dept.
An anonymous reader writes The FBI is concerned about moves by Apple and Google to include encryption on smartphones. "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. "What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law." From the article: "Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect's or victim's phone when the owner is unable or unwilling to unlock it for authorities."
Government

Drones Reveal Widespread Tax Evasion In Argentina 208

Posted by timothy
from the don't-cry-for-them dept.
Tailhook (98486) writes "The Argentine government has used drones to reveal 200 homes and 100 pools in an upper class area about ten miles south of Buenos Aires that had not been detailed on tax returns. Tax officials said the drones took pictures of luxury houses standing on lots registered as empty. The evasions found by the drones amounted to missing tax payments of more than $2 million and owners of the properties have been warned they now face large fines."
Privacy

Where Whistleblowers End Up Working 224

Posted by samzenpus
from the long-and-winding-road dept.
HughPickens.com writes Jana Kasperkevic writes at The Guardian that it's not every day that you get to buy an iPhone from an ex-NSA officer. Yet Thomas Drake, former senior executive at National Security Agency, is well known in the national security circles for leaking information about the NSA's Trailblazer project to Baltimore Sun. In 2010, the government dropped all 10 felony charges against him and he pleaded guilty to a misdemeanor charge for unauthorized use of a computer and lost his livelihood. "You have to mortgage your house, you have to empty your bank account. I went from making well over $150,000 a year to a quarter of that," says Drake. "The cost alone, financially — never mind the personal cost — is approaching million dollars in terms of lost income, expenses and other costs I incurred."

John Kiriakou became the first former government official to confirm the use of waterboarding against al-Qaida suspects in 2009. "I have applied for every job I can think of – everything from grocery stores to Toys R Us to Starbucks. You name it, I've applied there. Haven't gotten even an email or a call back," says Kiriakou. According to Kasperkevic, this is what most whistleblowers can expect. The potential threat of prosecution, the mounting legal bills and the lack of future job opportunities all contribute to a hesitation among many to rock the boat. "Obama and his attorney general, Eric Holder, declared a war on whistleblowers virtually as soon as they assumed office," says Kiriakou. "Washington has always needed an "ism" to fight against, an idea against which it could rally its citizens like lemmings. First, it was anarchism, then socialism, then communism. Now, it's terrorism. Any whistleblower who goes public in the name of protecting human rights or civil liberties is accused of helping the terrorists."
Education

Ask Slashdot: How To Keep Students' Passwords Secure? 191

Posted by samzenpus
from the one-password-to-rule-them-all dept.
First time accepted submitter bigal123 writes My son's school is moving more and more online and is even assigning Chromebooks or iPads to students (depending on the grade). In some cases they may have books, but the books stay home and they have user names and passwords to the various text book sites. They also have user names/passwords to several other school resources. Most all the sites are 3rd party. So each child may have many user names (various formats) and passwords. They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids. However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation. Do others have good password management suggestions or suggestions for a single sign-on process (no/minimal cost) for kids in school accessing school provisioned resources?
Privacy

Australian Senate Introduces Laws To Allow Total Internet Surveillance 210

Posted by samzenpus
from the watching-you dept.
First time accepted submitter Marquis231 writes New laws due to be passed in Australia allow intelligence agency ASIO to spy on domestic internet traffic like never before. The Sydney Morning Herald reports: "Spy agency ASIO will be given the power to monitor the entire Australian internet and journalists' ability to write about national security will be curtailed when new legislation – expected to pass in the Senate as early as Wednesday – becomes law, academics, media organisations, lawyers, the Greens party and rights groups fear."
Privacy

Stanford Promises Not To Use Google Money For Privacy Research 54

Posted by samzenpus
from the bang-for-your-buck dept.
An anonymous reader writes Stanford University has pledged not to use money from Google to fund privacy research at its Center for Internet and Society — a move that critics claim poses a threat to academic freedom. The center has long been generously funded by Google but its privacy research has proved damaging to the search giant as of late. Just two years ago, a researcher at the center helped uncover Google privacy violations that led to the company paying a record $22.5 million fine. In 2011-2012, the center's privacy director helped lead a project to create a "Do Not Track" standard. The effort, not supported by Google, would have made it harder for advertisers to track what people do online, and likely would have cut into Google's ad revenue. Both Stanford and Google say the change in funding was unrelated to the previous research.
Censorship

DuckDuckGo Now Blocked In China 82

Posted by Soulskill
from the fowl-play-suspected dept.
wabrandsma sends this news from Tech In Asia: Privacy-oriented search engine DuckDuckGo is now blocked in China. On Sunday DuckDuckGo founder and CEO Gabriel Weinberg confirmed to Tech in Asia that the team has noticed the blockage in China on Twitter. DuckDuckGo had been working fine in mainland China since its inception, aside from the occasional 'connection reset' experienced when accessing many overseas websites from within the country. But now the search engine is totally blocked in China. ... [T]he GreatFire index of blocked sites suggest that DuckDuckGo got whacked on September 4. DuckDuckGo joins Google in being censored and blocked in the nation. Google, after years of being throttled by China's Great Firewall since the web giant turned off its mainland China servers in 2010, was finally blocked totally in June this year.
Privacy

Before Using StingRays, Police Must Sign NDA With FBI 124

Posted by samzenpus
from the the-first-rule-of-tracking-club dept.
v3rgEz writes Advanced cell phone tracking devices known as StingRays allow police nationwide to home in on suspects and to log individuals present at a given location. But before acquiring a StingRay, state and local police must sign a nondisclosure agreement with the FBI, according to documents released via a MuckRock FOIA request. As Shawn Musgrave reports, it's an unusual setup arrangement for two public agencies to swear each other to secrecy, but such maneuvers are becoming more common.
Encryption

Wired Profiles John Brooks, the Programmer Behind Ricochet 49

Posted by timothy
from the bouncy-bouncy dept.
wabrandsma writes with this excerpt from Wired: John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the "to" and "from" headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he'd made Ricochet's code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists's sources and others.
Democrats

Emails Cast Unflattering Light On Internal Politics of Healthcare.gov Rollout 391

Posted by timothy
from the wanna-be-absolutely-clear dept.
An anonymous reader writes with this report from The Verge linking to and excerpting from a newly released report created for a committee in the U.S. House of Representatives, including portions of eight "damning emails" that offer an unflattering look at the rollout of the Obamacare website. The Government Office of Accountability released a report earlier this week detailing the security flaws in the site, but a report from the House Committee on Oversight and Government Reform released yesterday is even more damning. Titled, "Behind the Curtain of the HealthCare.gov Rollout," the report fingers the Centers for Medicare and Medicaid Services, which oversaw the development of the site, and its parent Department of Health and Human Services. "Officials at CMS and HHS refused to admit to the public that the website was not on track to launch without significant functionality problems and substantial security risks," the report says. "There is also evidence that the Administration, to this day, is continuing its efforts to shield ongoing problems with the website from public view." Writes the submitter: "The evidence includes emails that show Obamacare officials more interested in keeping their problems from leaking to the press than working to fix them. This is both both a coverup and incompetence."
Cloud

Proposed Law Would Limit US Search Warrants For Data Stored Abroad 131

Posted by timothy
from the step-in-the-right-direction dept.
An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach."
Social Networks

Netropolitan Is a Facebook For the Affluent, and It's Only $9000 To Join 178

Posted by samzenpus
from the paying-the-price dept.
MojoKid writes Facebook has become too crowded and too mundane. With around 1.3 billion Facebook users, it's understandable to be overwhelmed by everything and want to get away from it all. However, unlike Facebook which is looking to connect everyone to the internet, there is a new site called Netropolitan that focuses more on exclusivity and privacy. The site was founded by composer and former conductor of the Minnesota Philharmonic Orchestra James Touchi-Peters who wanted to provide a social media site for affluent and accomplished individuals. People wishing to join need only pay a mere $9,000 to join. Of that amount, $6,000 is the initiation fee and the remaining $3,000 is for the annual membership fee which users will continue to pay. So what does the initiation and annual fee get you? For starters, Netropolitan will offer an ad-free experience and will not promote any kind of paid promotions to its members. However, it will allow the creation of groups by businesses in which members can advertise to each other under certain guidelines.
Privacy

Apple's "Warrant Canary" Has Died 236

Posted by samzenpus
from the get-out-of-the-mine dept.
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Encryption

Next Android To Enable Local Encryption By Default Too, Says Google 126

Posted by timothy
from the keep-it-to-yourself-bub dept.
An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.

16.5 feet in the Twilight Zone = 1 Rod Serling

Working...