Domain: cryptome.org
Stories and comments across the archive that link to cryptome.org.
Stories · 147
Smartphone Users Are Paying For Their Own Surveillance (truth-out.org)
Nicola Hahn writes: While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley -- this results in a tendency to frame the issue of cybersecurity in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel-good corporate talking points. Edward Snowden, for example, noted that under mass surveillance we're essentially "tagged animals" who pay for our own tags. There's an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty. In some instances, the most secure option is to opt out.
Ask Slashdot: What Will It Take To End Mass Surveillance?
Nicola Hahn writes: Both the White House and the U.S. Intelligence Community have recently announced reforms to surveillance programs sanctioned under Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. But do these reforms represent significant restructuring or are they just bureaucratic gestures intended to create the perception that officials are responding to public pressure?
The Executive's own Privacy and Civil Liberties Oversight Board has written up an assessment (PDF) of reform measures implemented by the government. For those who want a quick summary the Board published a fact sheet (PDF) which includes a table listing recommendations made by the board almost a year ago and corresponding reforms. The fact sheet reveals that the Board's mandate to "end the NSA's bulk telephone records program" has not been implemented.
In other words, the physical infrastructure of the NSA's global panopticon is still in place. In fact, it's growing larger (PDF). So despite all of the press statements and associated media buzz very little has changed. There are people who view this as an unsettling indication of where society is headed. Ed Snowden claimed that he wanted to "trigger" a debate, but is that really enough? What will it take to tear down Big Brother?
North Korea Denies Responsibility for Sony Attack, Warns Against Retaliation
jones_supa writes: A North Korean official said that the secretive regime wants to mount a joint investigation with the United States to identify who was behind the cyber attack against Sony Pictures. An unnamed spokesman of the North Korean foreign ministry was quoted by the country's state news agency, KCNA, describing U.S. claims they were behind the hack as "slander." "As the United States is spreading groundless allegations and slandering us, we propose a joint investigation with it into this incident," the official said, according to Agence France-Presse. Both the FBI and President Barack Obama have said evidence was uncovered linking the hack to North Korea, but some experts have questioned the evidence tying the attack to Pyongyang. Meanwhile, reader hessian notes that 2600: The Hacker Quarterly has offered to let the hacker community distribute The Interview for Sony. It's an offer Sony may actually find useful, since the company is now considering releasing the movie on a "different platform." Reader Nicola Hahn warns that we shouldn't be too quick to accept North Korea as the bad guy in this situation: Most of the media has accepted North Korea's culpability with little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what's happening reveals tools of modern social control (PDF). Whether or not they're responsible for the attack, North Korea has now warned of "serious consequences" if the U.S. takes action against them for it.
Bill Blunden's Rejected DEF CON Presentation Posted Online
Nicola Hahn (1482985) writes "Though the Review Board at DEF CON squelched Bill Blunden's presentation on Chinese cyber-espionage, and the U.S. government has considered imposing visa restrictions to keep out Chinese nationals, Bill has decided to post both the presentation's slide deck and its transcript online. The talk focuses on Mike Rogers, in all his glory, a former FBI agent who delivers a veritable litany of hyperbolic misstatements (likely to be repeated endlessly on AM radio). Rather than allow the DEFCON Review Board to pass judgement as supposed .gov 'experts,' why not allow people to peruse the material and decide for themselves who is credible and who is not?" "Squelched" seems a little harsh (only so many talks can fit, and there's no accounting for taste), but it's certainly good to see any non-accepted DEF CON presentations made public.
OpenSSL: the New Face of Technology Monoculture
chicksdaddy writes: "In a now-famous 2003 essay, 'Cyberinsecurity: The Cost of Monopoly,' Dr. Dan Geer argued, persuasively, that Microsoft's operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond's monopoly, or at least to lessen Microsoft's ability to 'lock in' customers and limit choice. The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer. These days Geer is the Chief Security Officer at In-Q-Tel, the CIA's venture capital arm. But he's no less vigilant of the dangers of software monocultures. In a post at the Lawfare blog, Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn't proprietary software managed by Redmond, however, it's common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed. 'The critical infrastructure's monoculture question was once centered on Microsoft Windows,' he writes. 'No more. The critical infrastructure's monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them.'"
Inside NSA's Efforts To Hunt Sysadmins
An anonymous reader writes "The Snowden revelations continue, with The Intercept releasing an NSA document titled 'I hunt sys admins' (PDF on Cryptome). The document details NSA plans to break into systems administrators' computers in order to gain access to the networks they control. The Intercept has a detailed analysis of the leaked document. Quoting: 'The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity -- they are targeted only because they control access to networks the agency wants to infiltrate. "Who better to target than the person that already has the 'keys to the kingdom'?" one of the posts says.'"
NSA and GCHQ Employing Shills To Poison Web Forum Discourse
Advocatus Diaboli writes with this excerpt from an article by Glenn Greenwald on the pervasiveness of shills poisoning web forums: "One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It's time to tell a chunk of that story, complete with the relevant documents. ... Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the Internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: 'false flag operations' (posting material to the Internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting 'negative information' on various forums." I guess Cryptome was right. Check out the training materials provided to future forum spies.
Spoiled Onions: Exposing Malicious Tor Exit Relays
An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. We discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild.'"
Alan Turing Pardoned
First time accepted submitter a.ferrier writes "Today's computing would be unthinkable without the contributions of the British mathematician Alan Turing, who laid down the foundations of computer science, broke Nazi codes that helped win World War II at the famous Bletchley Park, created a secure speech encryption system, made major contributions to logic and philosophy, and even invented the concept of Artificial Intelligence. But he was also an eccentric and troubled man who was persecuted (and prosecuted) for being gay, a tragedy that contributed to his suicide just short of the age of 42 when he died of cyanide poisoning, possibly from a half-eaten apple found by his side. He is hailed today as one of the great originators of our computing age. Today he received a royal pardon."
Snowden Claims That NSA Collaborated With Israel To Write Stuxnet Virus
andrewa writes "In an interview with Der Spiegel Snowden claims that the NSA, amongst other things, collaborated with Israel to write the Stuxnet virus. Not that this is news, as it has been suspected that it was a collaborative effort for some time. When asked about active major programs and how international partners help, Snowden says: 'The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days' worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and it makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.'"
Hackers Stole Information From IAEA Servers
porsche911 writes "A hacker group called 'Parastoo' have broken into an International Atomic Energy Agency computer and released details of more than 100 IAEA experts. They are asking the experts to criticize Israel's nuclear arsenal (English translation)." The IAEA confirms the breach happened, but that it was of a decommissioned server. The statement from Parastoo courtesy of Cryptome.
Bitcoinica Breach Nets Hackers $87,000 In Bitcoins
dynamo52 sends this quote from Ars about a breach involving a Bitcoin exchange: "More than $87,000 worth of the virtual currency known as Bitcoin was stolen after online bandits penetrated servers belonging to Bitcoinica, prompting its operators to temporarily shutter the trading platform to contain the damage. Friday's theft came after hackers accessed Bitcoinica's production servers and depleted its online wallet of 18,547 BTC, as individual Bitcoin units are called, company officials said in a blog post published on Friday. It said the heist affected only a small fraction of Bitcoinica's overall bitcoin deposits and that all withdrawal requests will be honored once the platform reopens." Reader linhares points out a forum post discussing how the attacker(s) hinted at a 'mass leak' in the near future. This attack comes shortly after a leak of a different sort -- an FBI document (PDF) about Bitcoin found its way onto the internet. It seems they're worried about the virtual currency's potential use in criminal activities.
Cryptome Hit By Blackhole Exploit Kit
wiredmikey writes with an excerpt from Security Week: "Whistleblower site Cryptome has been hacked and infected by the Blackhole exploit kit. ... Cryptome co-founder John Young however told SecurityWeek that the Cryptome site is in the process of cleaning everything up, and that process should be finished by the end of the day. Founded in 1996, Cryptome publishes thousands of documents, including many related to national security, law enforcement and military. On Feb. 12, a reader advised the site that accessing a file had triggered a warning in their antivirus about the Blackhole exploit kit. ... Subsequent analysis found thousands of files on the site had been infected." Cryptome has certainly seen worse.
DoD Paper Proposes National Security Through a Culture of Restraint (and Stigma)
decora writes "An SAIC analyst has written a paper [PDF] calling for the 'stigmatization' of the 'unattractive' types who tend to discuss government secrets in public. The plan, described in the Naval Postgraduate School Homeland Security Affairs journal, is to promote self-censorship as a 'civic duty'. Who needs to censor themselves? Amateur enthusiasts who describe satellite orbits, scientists who describe threats to the food supply, graduate students mapping the internet, the Government Accountability Office, which publishes failure reports on the TSA, the US Geological Survey, which publishes surface water information, newspapers (the New York Times), TV shows, journalism websites, anti-secrecy websites, and even security author Bruce Schneier, to name a few."
Crack In Fukushima Structure May Be Leaking Radiation
SillySnake writes with this excerpt from Reuters: "Tokyo Electric Power Co (TEPCO) said it had found a crack in the pit at its No.2 reactor in Fukushima, generating readings of 1,000 millisieverts of radiation per hour in the air inside the pit. 'With radiation levels rising in the seawater near the plant, we have been trying to confirm the reason why, and in that context, this could be one source,' Hidehiko Nishiyama, deputy head of the Nuclear and Industrial Safety Agency (NISA), said on Saturday." Also of interest: Cryptome is featuring high-res photos of the reactor site, taken by UAV.
Aussie Kids Foil Finger Scanner With Gummi Bears
mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance. The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."
With World Watching, Wikileaks Falls Into Disrepair
JDRucker writes "Supporters are concerned. Very concerned. Would-be whistle-blowers hoping to leak documents to Wikileaks face a potentially frustrating surprise. Wikileaks' submission process, which had been degraded for months, completely collapsed more than two weeks ago and remains offline, in a little-noted breakdown at the world's most prominent secret-spilling website."
PayPal Freezes Cryptome's Account
grimwell sends in the news that after Cryptome's little run-in with Microsoft and NetSol, the activist site has now had its funds frozen by PayPal. Cryptome founder John Young notes, "Google lists thousands of instances of this asymmetrical high-handedness." "We have reviewed your PayPal Account, and due to the excessive risk involved, we would like to begin parting ways in a manner that is least disruptive to your business."
The FBI Wants To Know About Your IT Skills
AHuxley writes "The FBI, via the Office of Management and Budget, would like to find out more about your information technology expertise if you are part of InfraGard. Terms like 'practical utility' have been included in a 60-day emergency notice of information collection via the Paperwork Reduction Act of 1995. Is your boss or cubicle colleague part of InfraGard? It's a private, non-profit organization run as a public-private partnership with the Federal Bureau of Investigation. Are they passing info back about you or your company?"
TSA's Sloppy Redacting Reveals All
A travel blog breaks the story of a poor job of redacting by the TSA: they posted a PDF of airport screening policies, with certain sections blacked out -- not realizing that simply laying a black rectangle over the text is hardly sufficient. Cryptome has posted a copy with the redaction removed (ZIP).
"Lawful Spying" Price Lists Leaked
ogaraf writes "Wired has a story about how the site Cryptome.org leaked the price lists for 'lawful spying' activities of Yahoo and other companies, and subsequently received a DMCA takedown notice from Yahoo. The documents, however, are still posted online, and in them you can learn, for instance, that IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
Microsoft Issues Takedown Notices Over COFEE
Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."
Is Hushmail Still Safe?
Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication: "For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"
US Military Explored Hiring Bloggers As Propagandists
Zeinfeld writes "Wired reports that one-time Clipper Chip supporter Dorothy Denning wrote a report on using blogs for information warfare in 2006 (a report available from cryptome). Amongst the proposals were hiring bloggers directly as propaganda agents and using military media resources to 'make' a blogger posting favorable material. Notably, and most unfortunately absent from the report, is the very real question of whether the military should be manipulating domestic media." Is meme warfare just another battleground, or is this dirty pool?
WikiLeaks Under Fire
kan0r writes "The transparency group WikiLeaks.org currently seems to be under heavy fire. The main WikiLeaks.org DNS entry is unavailable, reportedly due to a restraining order relating to a series of articles and documents released by WikiLeaks about off-shore trust structures in the Cayman Islands. The WikiLeaks whistleblower, allegedly former vice president of the Cayman Islands branch of Swiss bank Julius Baer, states in the WikiLeaks documents that the bank supported tax evasion and money laundering by its clients from around the world. WikiLeaks alternate names remained available until Saturday, when there seems to have been a heavy DDoS attack and a fire at the ISP. The documents in question are still available on other WikiLeaks sites, such as wikileaks.be, and are also mirrored on Cryptome. Details of the court documents have also been made available."
Cryptome to be Terminated by Verio/NTT
George Maschke writes "Cryptome, a website concerned with encryption, privacy, and government secrecy, has received two weeks' notice from Verio that its service will be terminated for unspecified 'violation of [its] Acceptable Use Policy.' Cryptome has a history of making publicly available documents and information that governments would rather keep secret. For the notice, and a public response by Cryptome webmaster John Young, see Cryptome Shutdown by Verio/NTT."
Slashback: Oklahoma Spyware, FSF DRM, Lenovo Linux
Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Oklahoma's Spyware Bill dies a quiet death, Lenovo denies ditching Linux, Mars rover escapes again, RIM CEO speaks out against unlimited wireless, Microsoft LiveMail gets ads, FSF anti-DRM campaign expands, and AT&T calls Wired to task over leaked documents -- Read on for details.
Oklahoma's Spyware Bill dies a quiet death. enforcer999 writes to tell us that the Oklahoma Computer Spyware Protection Act has been pretty much dismantled by the Senate review committee. From the article: "Sen. Clark Jolley, R-Edmond, the Senate author of the legislation, said revisions he had made to the bill were well received by those who had originally opposed it, but that after making the changes, the companies backing the measure -- which had included Microsoft and Symantec Corp. -- opposed it."
Lenovo denies ditching Linux. btornado writes "According to News.com, Lenovo has denied ditching Linux on their notebook computers. Lenovo actually plans to support Linux on its ThinkPads starting in the third quarter, in partnership with Novell. From the article: 'Customers of the recently introduced Lenovo 3000 units still won't have a preloaded option, however, because the small and midsize business customers that are the targets for those units have many different requirements, he said.'"
Mars rover escapes again. An anonymous reader writes "New Scientist is reporting that NASA's Mars Opportunity rover has freed itself from the sandy soil that ensnared it for more than a week. This is the second time the rover has gotten bogged down in a Martian sand trap. Both times, the rover has managed to escape to solid bedrock by churning its wheels in reverse."
RIM CEO speaks out against unlimited wireless. frdmfghtr writes "The president and co-CEO of Research in Motion seems to think that wireless data services providing unlimited data traffic for a flat monthly rate will have a 'devastating effect on wireless innovation.' From the article: '"No matter how you slice it, bandwidth is not free," he said. "If we don't set up economic incentives now, research and innovation for new networks won't happen for the future. We want companies to be encouraged to make efficient use of the network, so we don't cross over and use up all the capacity of the networks." Counters Jeff Pulver, the founder of Pulver Media, saying that (FTA) "unlimited bandwidth use in the wireless world is needed because access to the network is what spurs innovation."'"
Microsoft LiveMail gets ads. Blahbooboo3 writes to tell us BetaNews is reporting that Microsoft will be embedding advertising in their new e-mail client software, Windows Live Mail Desktop. Similar to Google's Gmail, it will serve ads based on the text of your mail messages. Microsoft's Active Search feature, being tested within Windows Live Mail Desktop, scans users' emails and displays potential search terms related to that email as well as text-based contextual ads. The effort is an example of the Windows Live ad-supported software initiative. Contextually relevant ads served by Microsoft-partner Kanoodle will be displayed next to each email message. Also, paid search links will be served by Microsoft adCenter when users conduct searches via a search box that's built into the mail interface.
FSF anti-DRM campaign expands. nanday writes "According to an article on Newsforge (Also owned by VA), the Free Software Foundation's Defective by Design campaign against Digital Rights Management expanded on Saturday, targeting Apple Stores in eight American cities. However, unlike the event outside WinHEC 2006 two weeks ago, this time the police and security guards were waiting when campaign volunteers arrived to demonstrate."
AT&T calls Wired to task over leaked documents. John Young writes to tell us that AT&T is standing in opposition [PDF] to Wired's recent intervention and the unsealing of documents. AT&T stated that "Wired argues that it has a 'unique perspective in this case.' If that is anything other than hot air, it is a reference to the fact that Wired has leaked eight pages of what it claims are AT&T Proprietary documents--and did so despite actual knowledge that AT&T claims its documents contain trade secrets and the Court had ordered that such documents remain under seal. A 'unique perspective' indeed--that of the scofflaw. [...] Wired maintains that the Klein and Marcus Declarations should be unsealed in their entirety because 'the course of events has overtaken the sealing order.' The 'course of events' to which Wired refers is, of course, its own leaking of subsets of the information that the Court ordered remain under seal. Wired's argument appears to be that because it has openly chosen to disregard the Court's order (not to mention AT&T's rights) the Court should reverse that order. Talk about chutzpah."
-
Slashback: Oklahoma Spyware, FSF DRM, Lenovo Linux
Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Oklahoma's Spyware Bill dies a quiet death, Lenovo denies ditching Linux, Mars rover escapes again, RIM CEO speaks out against unlimited wireless, Microsoft LiveMail gets ads, FSF anti-DRM campaign expands, and AT&T calls Wired to task over leaked documents -- Read on for details.Oklahoma's Spyware Bill dies a quiet death. enforcer999 writes to tell us that the Oklahoma Computer Spyware Protection Act has been pretty much dismantled by the Senate review committee. From the article: "Sen. Clark Jolley, R-Edmond, the Senate author of the legislation, said revisions he had made to the bill were well received by those who had originally opposed it, but that after making the changes, the companies backing the measure -- which had included Microsoft and Symantec Corp. -- opposed it."
Lenovo denies ditching Linux. btornado writes "According to News.com, Lenovo has denied ditching Linux on their notebook computers. Lenovo actually plans to support Linux on its ThinkPads starting in the third quarter, in partnership with Novell. From the article: 'Customers of the recently introduced Lenovo 3000 units still won't have a preloaded option, however, because the small and midsize business customers that are the targets for those units have many different requirements, he said.'"
Mars rover escapes again. An anonymous reader writes "New Scientist is reporting that NASA's Mars Opportunity rover has freed itself from the sandy soil that ensnared it for more than a week. This is the second time the rover has gotten bogged down in a Martian sand trap. Both times, the rover has managed to escape to solid bedrock by churning its wheels in reverse."
RIM CEO speaks out against unlimited wireless. frdmfghtr writes "The president and co-CEO of Research in Motion seems to think that wireless data services providing unlimited data traffic for a flat monthly rate will have a 'devastating effect on wireless innovation.' From the article: '"No matter how you slice it, bandwidth is not free," he said. "If we don't set up economic incentives now, research and innovation for new networks won't happen for the future. We want companies to be encouraged to make efficient use of the network, so we don't cross over and use up all the capacity of the networks." Counters Jeff Pulver, the founder of Pulver Media, saying that (FTA) "unlimited bandwidth use in the wireless world is needed because access to the network is what spurs innovation."'"
Microsoft LiveMail gets ads. Blahbooboo3 writes to tell us BetaNews is reporting that Microsoft will be embedding advertising in their new e-mail client software, Windows Live Mail Desktop. Similar to Google's Gmail, it will serve ads based on the text of your mail messages. Microsoft's Active Search feature, being tested within Windows Live Mail Desktop, scans users' emails and displays potential search terms related to that email as well as text-based contextual ads. The effort is an example of the Windows Live ad-supported software initiative. Contextually relevant ads served by Microsoft-partner Kanoodle will be displayed next to each email message. Also, paid search links will be served by Microsoft adCenter when users conduct searches via a search box that's built into the mail interface.
FSF anti-DRM campaign expands. nanday writes "According to an article on Newsforge (also owned by VA), the Free Software Foundation's Defective by Design campaign against Digital Rights Management expanded on Saturday, targeting Apple Stores in eight American cities. However, unlike the event outside WinHEC 2006 two weeks ago, this time the police and security guards were waiting when campaign volunteers arrived to demonstrate."
AT&T calls Wired to task over leaked documents. John Young writes to tell us that AT&T is standing in opposition [PDF] to Wired's recent intervention and the unsealing of documents. AT&T stated that "Wired argues that it has a 'unique perspective in this case.' If that is anything other than hot air, it is a reference to the fact that Wired has leaked eight pages of what it claims are AT&T Proprietary documents--and did so despite actual knowledge that AT&T claims its documents contain trade secrets and the Court had ordered that such documents remain under seal. A 'unique perspective' indeed--that of the scofflaw. [...] Wired maintains that the Klein and Marcus Declarations should be unsealed in their entirety because 'the course of events has overtaken the sealing order.' The 'course of events' to which Wired refers is, of course, its own leaking of subsets of the information that the Court ordered remain under seal. Wired's argument appears to be that because it has openly chosen to disregard the Court's order (not to mention AT&T's rights) the Court should reverse that order. Talk about chutzpah."
-
NSA Chose Invasive Phone Analysis Option
Encrypted Anonymous Coward writes "The Baltimore Sun reveals the existence of an interesting experimental NSA program codenamed ThinThread from the late '90s. The program involved link analysis of traffic data, with a twist: the phone numbers from the U.S. would only be analyzed in an encrypted form. This way the analysis would potentially be possible under existing privacy laws, according to the people behind the program. The NSA could gather further unencrypted details if there was evidence of a threat. Political infighting seems to have dropped an interesting and respectful program from the books." -
Slashback: OpenDocuments, RFID Passports, Firefox Celebration
Slashback tonight brings updates and continuations of recent Slashdot stories including a continuation of the Massachusetts document format debate, a response from the US State Department on RFID passports, a unique celebration of Firefox's 100 millionth download, and more.
Politics still muddying the water of the MA OpenDocument debate. The Commonwealth's Secretary of State William Galvin says he has "grave concerns" about the switch and told secretary of administration and finance Thomas Trimarco that "we will not be participating." Galvin is considered one of the strong candidates to run as a rival candidate for next year's gubernatorial race against incumbent Mitt Romney, who supports the switch.
RFID passports still the best option. The US State Department released a final ruling on the issue of RFID technology to be included in all US passports after October 2006 which also contained some of the reasoning behind their move. Other technologies were apparently looked at and discarded due to the difficulty of implementation and several security measures have apparently been taken to try and placate the opposition.
Firefox fans at Oregon State celebrate 100 million downloads. CNet has a pictorial about a local OSU LUG that had a few interesting ways to celebrate the recent big numbers on the Firefox downloads page. Happy to show their support, students both painted a giant Firefox logo and launched a weather balloon; I can't think of any better way to say congratulations.
DrDOS didn't really break, it just reverted. The FreeDOS folks have an update on their webpage stating that DrDOS 8.1 no longer exists and all links on the DrDOS webpage apparently point to DrDOS 7.03. There were some negative reactions to the release of 8.1 stating that it included software that it shouldn't have, so for now the "band-aid" fix appears to be in place.
Flexbeta takes a look at Flock. Noting the roots of Flock in Mozilla's Firefox browser, the folks over at Flexbeta take a quick look at the additional functionality offered by this newcomer. This comes with the recent news that Flock has also decided to open source their browser. Looks like this Firefox offspring is fighting hard for some recognition of its own.
iTunes continues to take over the world. With the recent release of iTunes Australia and Apple's continued growth in the industry, a recent announcement brings us "Stanford on iTunes". This new service will give alumni and the general public access to a wide range of Stanford-specific digital audio content.
-
RPOW - Reusable Proofs of Work
mitd writes "Hal Finney is inviting folks to test drive his new hashcash-based server rpow.net. 'The RPOW system provides for proof of work (POW) tokens to be reused. A POW token is something that takes a relatively long time to compute but which can be checked quickly.' Hal's security model paper is well worth the read and his proof of concept code is available for download." -
The RIAA's Push for an Audio Broadcast Flag
aaronsorkin writes "The Recording Industry Association of America has discovered that digital radio broadcasts can be copied and redistributed over the Internet, and so it is pushing the FCC to adopt an audio broadcast flag, which would likely prevent users from sending copyrighted radio programs over the Internet. But it could also hamstring other legitimate uses by preventing a digital radio program from leaving the device on which it was recorded. The FCC has initiated a notice of inquiry (pdf), typically a step leading to formal rule-making. The public may submit comments to the FCC between June 16 and July 16. A lobbyist friend sent me copies of the private correspondence on the subject between RIAA president Cary Sherman and Consumer Electronics Association president Gary Shapiro, and Cryptome just posted them here (pdf) and here (pdf). Yes, they're legit. Mindjack just posted an article I wrote on the subject titled, 'Will Digital Radio Be Napsterized?'" -
Lessons Learned from RFID Field Test
muddy_mudskipper writes "From John Young's cryptome.org website is a newly posted pdf copy of the 'Lessons Learned from RFID Field Test' as compiled by the Field Test Program Manager of the Auto ID Center. It is interesting to note the photographs of the different passive RFID antennas that could be used in product packaging - some small enough to fit into a soap box. Also curious is how many sector antennas have to pepper the test center in order to approach 100% RFID readability. 'In March 2001 a team comprised of Auto-ID Center sponsors (technology & end users) was assembled to plan and implement a Field Test aimed at taking the Auto-ID EPC technology from the laboratory to the real world environment with the objective of proving the power and effectiveness of the EPC and to blaze a trail for future adoption'" -
JetBlue Whistle-Blowers Threatened
An anonymous reader writes "Cryptome is reporting that Torch Concepts, the DOD contractor to whom JetBlue gave away its customers' personal information, is now sending cease and desist letters to the privacy activist Bill Scannell (who blew the whistle on the JetBlue scandal) and Len Sassaman, who made the evidence available on his website. The claim made by Torch is copyright violation -- are we about to see the DMCA used to silence corporate and government whistle-blowers? (Ironically, Scannell and Sassaman were two of the key people who launched the campaign to free DMCA victim Dmitry Sklyarov. Karma?)" -
Slashback: Blaster, Sabers, Canada
Slashback tonight brings you more on the recent cracking of GSM encryption, the odds of file sharers escaping industry scrutiny in Canada, the recently found (and stomped) OpenSSH bug, installation-time ads in Mandrake, and more. Read on below for the details.
Art of the Saber. Jagaast writes "As a counterpoint to all the hype about the Star Wars kid, here's a Star Wars fan film that's actually very well done. Art of the Saber is 'a light saber fight sequence with the flavor of a Hong Kong martial arts action movie.' Well worth watching." Update by J : I've made torrents available.
Vote early, often, and reversibly. An anonymous reader writes "As a follow up to a previous story here on Slashdot on electronic voting, Excite has a story on the same subject with a bit more information including this amazing quote from Deborah Seiler, Diebold's West Coast sales representative: '"These activists don't understand what they're looking at," Seiler said.'"
GSM-crack paper online. morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome."
Mandrake ads... take 2. *no comment* writes "Apparently there has been some controversy over the ads in the upcoming Mandrake 9.2. I thought it was pretty cut & dried, but apparently Mandrake thought it was enough of a controversy to release a written statement about it. I wonder how many flames were posted in the slashdot forum using the download version of Opera."
Blaster Worm still alive and well on MIT campus. fwc writes "MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."
A big AWOOOGAH for Canadian file sharers. Rumor writes in response to a recent story suggesting that Canadian users could swap files scot-free: "Listen, Canadians, don't go using your p2p apps and thinking you are immune from lawsuit, you are liable for copyright infringement if you share files on p2p apps.
To wit: a fellow law student and I have written an analysis of s. 80 of the Copyright Act and we've concluded that one can download music safely under the Private Copying provision, but no one can share or upload files without infringing on copyright.
In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement.
The upside is that you can accept copies from other people (i.e. download) all you want. Although there might be an issue of contributory infringement to worry about... I won't go into analyzing that, since so far the record companies are only suing uploaders.
The article can be found on greplaw.
I've recently confirmed this analysis with an IP law professor at my university, so I'm pretty damn sure of it. So, please, be aware of this danger. Downloading cool, uploading/sharing not. I guess the situation is still better than nothing."
Why not ask for your money back? zaaj writes "There are several articles out about a newly found/fixed (openssh.org) buffer management bug in OpenSSH and some derivatives. Cisco's Advisory only mentions DoS attacks against certain of their SSH-enabled devices, but ZDNet's article hints at rumors of long-existing root exploits. Regardless, RedHat's got their typical list of updated packages with the patch back-ported. A few other distros have info in the vendor section of CERT's advisory CA-2003-24."
-
RFID Industry Confidential Memos
An anonymous reader writes "Cryptome has learned www.autoidcenter.org (RFID flak) has made internal memos available for perusal at their site. Those RFID people sure have some interesting plans for the future. Who needs conspiracy theories, when you can hear it from the horse's mouth? Weeeeee!" -
Cisco Support for Lawful Intercept In IP Networks
-
Citibank Tries to Hush ATM Crypto Vulnerability
palme999 writes "Citibank is trying to get a gag order for new vulnerabilities found in the cryptographic equipment commonly used to protect the PINs of ATM transactions. The vulnerabilities came to light during a court case involving 'phantom' ATM transactions that users deny making but that banks still charge to customers' accounts because they claim their systems are secure." -
EU Agrees to Give Passenger Data to U.S.
de la mettrie writes "The EU Commission has agreed in principle to make airlines provide U.S. Homeland Security with detailed passenger data for flights to the USA. Things Uncle Sam would like to know about passengers include their itinerary, their credit card number and whether or not they asked for a meal without pork. The data are supposed to help prevent terror attacks and are to be 'handled appropriately'." The U.S. is collecting the data for a massive passenger database, intended to increase passenger profiling. -
Cryptome Log Subpoenaed
PaulBu writes "Stopped by on Cryptome tonight... It seems that their logs have been subpoenaed by Massachusetts Assistant Attorney General Chief, Corruption, Fruad (sic) & Computer Crime Division. Cryptome's answer was that 'logs of Cryptome are deleted daily, or more often during heavy traffic, to protect the privacy of visitors to the site.' (Good job!) See here" -
Watching The Watchers Watching You, Continued.
A reader writes: "After a SF Weekly column on DARPA's TIA, attention has turned to the Poindexter Family house. Using legal/public means, groups are finding and publishing Alan's phone numbers, address, etc. 'Those with access to DMV and criminal records databases, credit card records, telephone bills, tax records, birth and death and marriage records, medical records, and similar personally identifiable databases could combine their information publicly to assist in the demonstration.' Some seem to trust in TIA's benevolence, but I believe otherwise. Perhaps it is already too late? At least I can rest assured HumanID isn't operational. Yet."