Domain: dailydot.com
Stories and comments across the archive that link to dailydot.com.
Stories · 255
-
FBI Raids Dental Software Researcher Who Found Patient Records On Public Server (dailydot.com)
blottsie writes: Yet another security researcher is facing possible prosecution under the CFAA for accessing data on a publicly accessible server. The FBI on Tuesday raided Texas-based dental software security researcher Justin Shafer, who found the protected health records of 22,000 patients stored on an anonymous FTP. "This is a troubling development. I hope the government doesn't think that accessing unsecured files on a public FTP server counts as an unauthorized access under the CFAA," Orin Kerr, a George Washington University law professor and CFAA scholar told the Daily Dot. "If that turns out to be the government's theory -- which we don't know yet, as we only have the warrant so far -- it will be a significant overreach that raises the same issues as were briefed but not resolved in [Andrew 'weev' Auernheimer's] case. I'll be watching this closely." It was also reported this week via The Intercept that a provision snuck into the still-secret text of the Senate's annual intelligence authorization that would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy. -
Millennials Value Speed Over Security, Says Survey (dailydot.com)
An anonymous reader quotes a report from The Daily Dot: Millennials stand apart from other Americans in preferring faster Internet access to safer Internet access, according to a new survey. When digital-authentication firm SecureAuth asked people from all age groups whether they would rather be safer online or browse faster online, 57 percent of Americans chose security and 43 percent chose speed. But among millennials, the results were almost reversed: 54 percent chose speed over security. Young people are also more willing than the overall population to share sensitive information over public Wi-Fi connections, which are notoriously insecure as they allow anyone on the network to analyze and intercept passing traffic. While a clear majority (57 percent) of Americans told SecureAuth that they transmitted such information over public Wi-Fi, nearly eight in 10 (78 percent) of millennials said they did so. A surprising 44 percent of millennials believe their data is generally safe from hackers, and millennials are more likely than members of other age groups to share account passwords with friends. Americans overall are paying more attention to some aspects of digital security. An October 2015 study by the wireless industry's trade group found that 61 percent of Americans use passwords on their smartphones and 58 percent use them on their tablets, compared to 50 percent and 48 percent, respectively, in 2012. The recent study lines up with a report published on May 24 that found that the elderly use more secure passwords than millennials. -
It's Trivially Easy To Identify You Based On Records of Your Calls and Texts (dailydot.com)
Reader erier2003 shares an article on Daily Dot: Contrary to the claims of America's top spies, the details of your phone calls and text messages -- including when they took place and whom they involved -- are no less revealing than the actual contents of those communications. In a study published online Monday in the journal Proceedings of the National Academy of Sciences, Stanford University researchers demonstrated how they used publicly available sources -- like Google searches and the paid background-check service Intelius -- to identify "the overwhelming majority" of their 823 volunteers based only on their anonymized call and SMS metadata. The results cast doubt on claims by senior intelligence officials that telephone and Internet "metadata" -- information about communications, but not the content of those communications -- should be subjected to a lower privacy threshold because it is less sensitive. Contrary to those claims, the researchers wrote, "telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences." IEEE has more details. -
Meet The Company That Poached The FBI's Entire Silk Road Investigation Team (dailydot.com)
Patrick O'Neill quotes a report from The Daily Dot: The FBI team that brought down Silk Road has a new home. After headline-grabbing investigations, arrests, and prosecutions on some of America's highest-profile cybercriminals, five of U.S. law enforcement's most prized cybercrime aces have all left government service for greener pastures -- a titan consulting firm called Berkeley Research Group (BRG). BRG's newly hired gang of five includes former federal prosecutor Thomas Brown, as well as former FBI agents Christopher Tarbell, Thomas Kiernan, and Ilhwan Yum -- names that punctuated many of the biggest cybercrime stories of the last decade including Silk Road, LulzSec, Liberty Reserve, as well as the hacks of Citibank, PNC Bank, and the Rove Digital botnet; and the prosecution of Samarth Agrawal for stealing crucial code for high-frequency trading from the multinational, multibillion dollar bank Societe Generale. "Private industry provides a lot of opportunity," NYPD intelligence chief Thomas Galati told Congress earlier this year. "So I think the best people out there are working for private companies, and not for the government." -
Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant' (dailydot.com)
blottsie writes from a report on the Daily Dot: In a Wall Street Journal editorial titled "Encryption Without Tears," Sens. Richard Burr and Dianne Feinstein pushed back on widespread condemnation of their Compliance with Court Orders Act, which would require tech companies to provide authorities with user data in an "intelligible" format if served with a warrant. But security experts Bruce Schneier, Matthew Green, and others say the lawmakers entirely misunderstand the issue. "On a weekly basis we see gigabytes of that information dumped to the Internet," Green told the Daily Dot. "This is the whole problem that encryption is intended to solve." He added: "You can't hold out the current flaws in the Internet as a justification for why the Internet shouldn't be made secure." "These criticisms of Burr and Feinstein's analogy emphasize an important point about digital security: The differences between the levels of encryption protecting certain types of data -- purchase records on Amazon's servers versus photos on an iPhone, for example -- lead to different levels of risk," writes Eric Geller of the Daily Dot. -
Former Tor Developer Created Malware To Hack Tor Users For The FBI (dailydot.com)
Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, "It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware." Maybe Tor users will now be less likely to anonymously check Facebook each month... -
A Complete Guide To The New 'Crypto Wars' (dailydot.com)
blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months. The timeline covers a wide-range of incidents where the U.S. and other allied governments have tried to restrict citizens' access to strong encryption. The timeline ends with the director of national intelligence blaming NSA whistleblower Edward Snowden for advancing the spread of user-friendly, widely available strong encryption. -
Can Switzerland Become a Safe Haven For the World's Data? (dailydot.com)
An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court." -
Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You (theguardian.com)
Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier. Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M: Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks. -
Why ISIS Is Winning The Online Propaganda War (dailydot.com)
blottsie writes: The U.S. government has been unable to fight the Islamic State on the one battlefield it currently commands: the Internet. Exemplified by an August 2014 video produced by the State Department, the U.S. remains ineffective at combating violent extremism online. A definitive report by the Daily Dot explores how ISIS succeeds in spreading its message and recruiting new militants, and why the U.S. government continues to fail in its efforts to stop ISIS online. -
Volvo Wants You To Ditch Car Keys For Its New Smartphone App (dailydot.com)
An anonymous reader quotes an article on DailyDot: Lending your car to a friend could be as easy as sending a text. That's the future Volvo is imagining with its smartphone app that enables keyless entry for the driver -- and anyone with permission to enter. Announced earlier this year and now prominently on display at the New York International Auto Show, the app does away with key fobs and puts the key right on the user's phone. Using the device's Bluetooth capability, the app can do just about everything that a standard key could do -- from unlocking the doors to popping open the trunk to even starting the engine of the vehicle without turning the ignition. Beyond just convenience for the primary holder, the Volvo app also allows others to take the wheel without requiring a physical key. Users are able to grant digital keys to others, allowing them temporary or ongoing access to the car. -
That Awkward Moment When 'Apple Mocked Good Hardware and Poor People' (dailydot.com)
An anonymous reader quotes a DailyDot article: Phil Schiller, Apple's Senior Vice President of Worldwide Marketing, took the stage in Cupertino, California, earlier this week to explain some of the new features and specs on the new iPad Pro. Between showing off a new display and camera, Schiller also took some digs at Windows and PC users, specifically calling out those users who are on computers more than five years old. Schiller said that 600 million people are using PCs that are over five years old. 'This is really sad,' he said.
C. Custer, reporter for Tech in Asia also didn't like Schiller's remarks. He writes: If Apple's really targeting those 600 million old PC users, it seems to have done a pretty poor job. It's been more than five years since I saw the need to upgrade my primary computer, and nothing about the iPad Pro presentation made me rethink my position at all. But of course, Apple isn't really targeting those people. That was mostly just a cheap shot, a jibe at all of us poor fools who haven't yet seen the light. That's why the audience laughed knowingly, and even applauded. "Using the same machine for five years? How barbaric! Thank god we live in civilized society, where everyone throws their gadgets out and buys new ones every two years." -
The Internet of Things Is a Surveillance Nightmare (dailydot.com)
An anonymous reader writes from a DailyDot's Kernel Mag article: Welcome to the Internet of Things, what Schneier calls "the World Size Web," already growing around you as we speak, which creates such a complete picture of our lives that Dr. Richard Tynan of Privacy International calls them "doppelgangers" -- mirror images of ourselves built on constantly updated data. These doppelgangers live in the cloud, where they can easily be interrogated by intelligence agencies. Nicholas Weaver, a security researcher at University of California, Berkeley, points out that "Under the FISA Amendments Act 702 (aka PRISM), the NSA can directly ask Google for any data collected on a valid foreign intelligence target through Google's Nest service, including a Nest Cam." And that's just one, legal way of questioning your digital doppelgangers; we've all heard enough stories about hacked cloud storage to be wary of trusting our entire lives to it. [...] But with the IoT, the potential goes beyond simple espionage, into outright sabotage. Imagine an enemy that can remotely disable the brakes in your car, or (even more subtly) give you food poisoning by hacking your fridge. That's a new kind of power. "The surveillance, the interference, the manipulation the full life cycle is the ultimate nightmare," says Tynan. [...] That makes the IoT vulnerable -- our society vulnerable -- to any criminal with a weekend to spend learning how to hack. "When we talk about vulnerabilities in computers... people are using a lot of rhetoric in the abstract," says Privacy International's Tynan. "What we really mean is, vulnerable to somebody. That somebody you're vulnerable to is the real question." The state of security around IoT, the chip or sensor-equipped devices connected to each other over the Internet, is deeply concerning. Just in the past few months, we have seen several instances of these devices getting hacked. 
We have also seen things such as Shodan, a search engine for the Internet of Things that can allow someone to browse vulnerable webcams. Many people continue to overlook the significance and potential consequences of their "smart" devices getting compromised. Someone recently asked, "So what if my coffee maker gets hacked? What are criminals going to do? Burn my coffee?" They can do a lot more than burn your coffee. You see these devices are connected to your Wi-Fi network, which gives them the ability to interact with other gadgets connected to the same network. When attackers manage to access one of these devices, it's only a matter of time before they own your entire network. -
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
blottsie writes: McAfee, who founded one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention." -
French Bill Carries 5-Year Jail Sentence For Company Refusals To Decrypt Data For Police (dailydot.com)
Patrick O'Neill writes: Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports. The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail. M. Pierre Lellouche, a French Republican, singled out American encryption in particular. "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals." -
Amazon Just Removed Encryption From the Software Powering Kindles, Smartphones, Tablets (dailydot.com)
Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users. -
ISIS Supporters Abandon U.S. Encryption Tools As Apple-FBI Fight Rages
blottsie writes: Islamic State militants and supporters are promoting strong encryption tools from outside the United States that the American government cannot touch with legislation. In the last month, Islamic State supporters have promoted security software from Finland, Romania, America, France, the Czech Republic, Canada, Panama, Germany, Switzerland, Saint Kitts and Nevis, and other nations, a Daily Dot review found. The international availability of encryption technology, of which Islamic State militants are well aware, underscores FBI Director James Comey's long-held desire to build an international legal regime to deal with the problems posed by encryption, what he calls "going dark." -
EFF's Cindy Cohn On Why 'Code Is Speech' Is Key To Apple vs. FBI
blottsie writes: In a series of court battles in the late 1990s and early 2000s, Cindy Cohn represented plaintiffs challenging restrictions on DVD copying and the publication of cryptographic code. In all three cases—Bernstein v. United States, Universal City Studios v. Reimerdes, and Junger v. Daley—federal courts held that computer code merited protection under the First Amendment. Cohn, now the executive director of the Electronic Frontier Foundation, endorsed Apple's repeated citations of her cases in its fight against a court order to unlock a terrorism suspect's iPhone for the FBI. But she said that the controversial iPhone-unlocking order impinged even further on Apple's free-speech rights than the restrictions in her cases. -
Refugees Rely On Biometrics To Receive Aid, Even As Privacy Concerns Loom (dailydot.com)
New submitter Selena Larson writes: The United Nations World Food Programme (WFP) rolled out a pilot program for refugees this week that connects biometric data directly to points of sale and enables people to buy groceries with an iris scan. The computerized system communicates with the United Nations refugee agency, UNHCR, which keeps a database of biometric data collected from refugees around the world. If the individual is confirmed to be a refugee in Jordan, based on their iris scan, a bank the organization works with approves the transaction. -
Why Are Apple's Competitors Staying Silent On the iPhone Unlocking Fight?
erier2003 writes: A court order forcing Apple to help the FBI access a terrorism suspect's iPhone has drawn responses from leading tech companies, newspaper editorial boards, and security experts. But one major faction is staying largely silent: the computer and smartphone manufacturers who compete with Apple for business and could be subject to similar orders in the future if the company loses its high-profile case. Silicon Valley software firms have universally backed Apple in its fight against the Justice Department, which won a ruling Tuesday from a California magistrate judge compelling Apple to design custom software to bypass security features on an iPhone used by one of the San Bernardino shooters. But Apple's hardware competitors are staying on the sidelines. -
Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com)
Patrick O'Neill writes: Hours after Apple was ordered to help the FBI access the San Bernardino Shooters' iPhone, Rep. Ted Lieu (D-Calif.), a Stanford University computer-science graduate, wondered where the use of the All Writs Act—on which the magistrate judge based her ruling—might lead. "Can courts compel Facebook to provide analytics of who might be a criminal?" Lieu said in an email to the Daily Dot. "Or Google to give a list of names of people who searched for the term ISIS? At what point does this stop?"
Apple, so far, has vowed to fight the order that it decrypt the phone of San Bernardino shooter Syed Rizwan Farook, in no uncertain terms. -
How Shari Steele Plans To Take Tor Mainstream
blottsie writes: Over her career, Shari Steele has taken on the United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward: At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.
"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!" -
Hackers Break Into Ringo Starr's Twitter Account With Simple Password Reset
blottsie writes: Ringo Starr's account was compromised by a hacker operating under the username "af," who spoke to the Daily Dot about the breach. The hacker says he gained access to an email account associated with Doug Brasch, senior director of digital marketing at Universal Music Group, who managed Starr's Twitter account. He simply used an email password reset to gain access. -
As Elections Approach, Iran Uses "Far More Advanced" Internet Censorship (dailydot.com)
Patrick O'Neill writes: Election time in Iran means increased censorship for the country's tens of millions of Internet users. But this month's parliamentary election, experts say, comes with a new level of aggressive censorship from a government notorious for authoritarianism in cyberspace. "What's happening [right now] is far more advanced than anything we've seen before," said Karl Kathuria, CEO of Psiphon Inc., the company behind the widely popular encryption and circumvention tool Psiphon. "It's a lot more concentrated attempt to stop these services from working." -
US Encryption Ban Would Only Send the Market Overseas (dailydot.com)
Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote. -
Everything You Need To Know About the Big New Data-Privacy Bill In Congress
erier2003 writes with this excerpt from The Daily Dot: The United States and the European Union have agreed to a transatlantic data-sharing arrangement to protect U.S. companies' overseas activities and European citizens' privacy, but another initiative—one that's still working its way through Congress—could be just as important to U.S.–E.U. relations and transnational privacy rights. The Judicial Redress Act is considered essential to a broader agreement between the U.S. and Europe over the sharing of data in criminal and terrorism investigations. The negotiations over the newly announced E.U.–U.S. Privacy Shield may have received more attention, but the concerns at the heart of this bill are no less important. -
Sensitive Information Can Be Revealed From Tor Hidden Services On Apache (dailydot.com)
Patrick O'Neill writes: A common configuration mistake in Apache, the most popular Web server software in the world, can allow anyone to look behind the curtains on a hidden server to see everything from total traffic to active HTTP requests. When a hidden service reveals the HTTP requests, it's revealing every file—a Web page, picture, movie, .zip, anything at all—that's fetched by the server. Tor's developers were aware of the issue as early as last year but decided against sending out an advisory. The problem is common enough that even Tor's own developers have made the exact same mistake. Until October 2015, the machine that welcomed new users to the Tor network and checked if they were running up-to-date software allowed anyone to look at total traffic and watch all the requests. -
The Widely Reported ISIS Encrypted Messaging App Is Not Real
blottsie writes: Despite widespread reports to the contrary, an app created for Islamic State militants to send private encrypted messages does not exist, a week-long Daily Dot investigation found. All of the media articles on the Alrawi app showed screenshots of a different app entirely, one that is a glorified RSS reader with a totally different name. The Defense One journalist who first reported on GSG's claims about the app told the Daily Dot that he hadn't seen any version of Alrawi at all, and the subsequent reports on the app largely relied on Defense One's reporting. The Daily Dot was the first media outlet to receive, on Jan. 18, what GSG claimed was the Alrawi encryption app. The app, called "Alrawi.apk," contained no ability to send or encrypt messages. It was created using MIT's App Inventor, a plug-and-play tool meant primarily for children. -
Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com)
blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?” -
Senior Homeland Security Official Says Internet Anonymity Should Be Outlawed (dailydot.com)
Patrick O'Neill writes: A senior Homeland Security official recently argued that Internet anonymity should be outlawed in the same way that driving a car without a license plate is against the law. "When a person drives a car on a highway, he or she agrees to display a license plate," Erik Barnett, an assistant deputy director at U.S. Immigration and Customs Enforcement and attache to the European Union at the Department of Homeland Security, wrote. "The license plate's identifiers are ignored most of the time by law enforcement. Law enforcement will use the identifiers, though, to determine the driver's identity if the car is involved in a legal infraction or otherwise becomes a matter of public interest. Similarly, should not every individual be required to display a 'license plate' on the digital super-highway?" -
French Conservatives Push Law To Ban Strong Encryption (dailydot.com)
Patrick O'Neill writes: The French parliament this week will examine a bill that would require tech manufacturers of computers, phones, and tablets to build backdoors into any encryption on the device. The anti-encryption bill is being presented by 18 conservative members of the National Assembly as part of a large "Digital Republic" bill. According to the article, The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces. "France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices," the legislation reads, according to a translation by Khalil Sehnaoui, a Middle-East security specialist and founder of Krypton Security. "The goal is to avoid that individual encryption systems delay the advancement of an investigation." -
US Military Will Soon Begin Testing NSA's New, Post-Snowden Security Measures (dailydot.com)
Patrick O'Neill writes: The U.S. military will closely review the NSA's security measures as concerns mount that foreign adversaries and independent hackers are targeting the American government in cyberspace. "We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general, wrote in the letter. -
Marco Rubio: We Need To Add To US Surveillance Programs (dailydot.com)
Patrick O'Neill writes: The debate over surveillance hit the 2016 race for the White House again on Sunday when Republican presidential candidate Marco Rubio said he wants to add to American surveillance programs, many of which were created after 9/11. He invoked a recent shooting of a Philadelphia police officer by a man who allegedly pledged allegiance to the Islamic State. "This the kind of threat we now face in this country," Rubio said. "We need additional tools for intelligence." Rubio also addressed the NSA leaks that led to this debate: "Edward Snowden is a traitor. He took our intelligence information and gave it to the Chinese and gave it to the Russians. We cannot afford to have a commander-in-chief who thinks people like Edward Snowden are doing a good public service." -
Dutch Government Backs Strong Encryption, Condemns Backdoors
blottsie writes: The Netherlands government issued a strong statement on Monday against weakening encryption for the purposes of law enforcement and intelligence agencies. The move comes as governments in the United Kingdom and China act to legally require companies to give them access to wide swaths of encrypted Internet traffic. U.S. lawmakers are also considering introducing similar legislation. -
How the Internet Changed the Way We Read (dailydot.com)
An anonymous reader writes: UC Literature Professor Jackson Bliss puts into words something many of you have probably experienced: the evolution of the internet and mobile devices has changed how we read. "The truth is that most of us read continuously in a perpetual stream of incestuous words, but instead of reading novels, book reviews, or newspapers like we used to in the ancien régime, we now read text messages, social media, and bite-sized entries about our protean cultural history on Wikipedia."
Bliss continues, "In the great epistemic galaxy of words, we have become both reading junkies and also professional text skimmers. ... Reading has become a relentless exercise in self-validation, which is why we get impatient when writers don't come out and simply tell us what they're arguing. ... Content—whether thought-provoking, regurgitated, or analytically superficial, impeccably-researched, politically doctrinaire, or grammatically atrocious—now occupies the same cultural space, the same screen space, and the same mental space in the public imagination. After awhile, we just stop keeping track of what's legitimately good because it takes too much energy to separate the crème from the foam." -
CFR China Expert: US Tech Firms Should Worry About Beijing's New Anti-Terror Law
blottsie writes: In an interview with the Daily Dot on Tuesday, Adam Segal, director of the Council on Foreign Relations' Digital and Cyberspace Policy Program, explained what China's new anti-terrorism law contains, what aspects of it remain uncertain, and how China's interest in encrypted technology fits into its longtime strategy of regulating speech within its borders. On the subject of Apple and Chinese relations he says: "We seem to be on a road of eventual confrontation between the Chinese government and Apple. Apple may have to make a decision about what it’s going to do to remain in the China market like lots of other companies. So far, it hasn’t been explicitly laid out that way. The Chinese government hasn’t said, 'We’re not going to allow end-to-end [encryption],' but that clearly seems to be the trend. I’m sure that U.S. tech companies that are providing [end-to-end encryption] are beginning to think that they may be facing a 'high noon at the O.K. Corral' kind of moment." -
The Trials and Tribulations of America's Chief Internet Defender (dailydot.com)
erier2003 writes: Amid a torrent of cyberattacks and seemingly endless data breaches, the U.S. Computer Emergency Response Team, the government's premier cybersecurity monitoring unit, has never been busier. In an interview with the Daily Dot, US-CERT Director Ann Barron-DiCamillo described its structure, its incident-response activities, and its partnerships with frequently targeted industries like the financial sector. She also discussed the evolution of cyber threats over the past decade, as determined hackers have shifted focus from brute-force network penetrations to savvier, more indirect attacks. -
Drug Case In Ireland Has Fingerprints of Carnegie Mellon's Attack On Tor
blottsie writes: Newly released evidence shows that Irish detectives who worked the case of two convicted drug dealers may have also used data obtained through CMU's Software Engineering Institute's methods. Mannion and O'Connor were arrested on Nov. 5, 2014, according to a database of Dark Net arrests created by independent researcher Gwern Branwen. That's the same day that the owner of Silk Road 2.0, the replacement for the infamous drug marketplace Silk Road, was arrested. The IP addresses of Silk Road 2.0 were provided to the FBI by a "source of information," according to a search warrant in another case impacted by the attack on Tor, which court documents later confirmed was a university-based research institute. -
Marco Rubio and Other Senators Move To Block Municipal Broadband (theintercept.com)
New submitter h33t l4x0r writes: Presidential candidate Marco Rubio recently "fired off a letter (PDF) to the Federal Communications Commission asking the agency to allow states to block municipal broadband services." The municipal services offer cheaper, faster broadband alternatives to the large telecoms. Rubio's campaign has taken large donations from AT&T, and the article notes that other providers, "fearing competition, have used their influence in state government to make an end-run around local municipalities. Through surrogates like the American Legislative Exchange Council, the industry gets states to pass laws that ban municipal broadband networks, despite the obvious benefits to both the municipalities and their residents." -
Carly Fiorina Says Government Needs a Way To "Work Around" Encryption (dailydot.com)
Patrick O'Neill writes: Carly Fiorina wants the government to be able to "work around" encryption to aid intelligence agencies and law enforcement in their investigations, she said on Monday. The Republican presidential candidate and former HP CEO shifted the focus of her campaign to national security two days before the last Republican debate of 2015. Fiorina is the latest but not the first presidential candidate to weigh in on the encryption debate that has taken on a new life since terrorist attacks in Paris and California. -
Obama Administration To Offer Full Position On Encryption By End of Year
blottsie writes with this story from The Daily Dot that the President met with encryption advocates on Thursday and is expected to make a statement on his official stance before the end of the year. From the story: "The Obama administration plans to clarify its stance on strong encryption before Washington shuts down for the holidays. Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals. Kevin Bankston, director of New America's Open Technology Institute and the coalition's organizer, told the Daily Dot that it was a 'very hopeful meeting.'" -
France Will Not Ban Wi-Fi Or Tor, Prime Minister Says (dailydot.com)
Patrick O'Neill writes: Despite requests from police following the deadly Paris attacks, France will not ban the Tor anonymity network or public Wi-Fi, Prime Minister Manuel Valls said on Wednesday. "A ban of Wi-Fi is not a course of action envisaged," Valls responded on Wednesday. Nor is he in favor of a ban on Tor, which encrypts and masks users' identifying data. "Internet is a freedom, is an extraordinary means of communication between people, it is a benefit to the economy," Valls added. -
Top Democratic Senator Will Seek Legislation To "Pierce" Through Encryption (dailydot.com)
Patrick O'Neill writes: Sen. Dianne Feinstein (D-Calif.) will seek legislation requiring the ability to "pierce" through encryption to allow American law enforcement to read protected communications with a court order. She told the Senate Judiciary committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability to read encrypted data. "I have concern about a PlayStation that my grandchildren might use," she said, "and a predator getting on the other end, and talking to them, and it's all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that." -
Donald Trump: America Should Consider "Closing the Internet Up In Some Way" (dailydot.com)
Patrick O'Neill writes: Hours after Donald Trump suggested the U.S. ban Muslims from entering the United States, the leading Republican presidential candidate said America should also consider "closing the Internet up in some way" to fight Islamic State terrorists in cyberspace. Trump mocked anyone who would object that his plan might violate the freedom of speech, saying "these are foolish people, we have a lot of foolish people ... We have to go see Bill Gates," Trump said, to better understand the Internet and then possibly "close it up." -
After Demanding $3 Million Ransom, Hacker Dumps Massive Customer Financial Data (dailydot.com)
Patrick O'Neill writes: Just over a week after a hacker breached a United Arab Emirates Bank, demanding a $3 million ransom to stop tweeting customers' information, he appears to have dumped tens of thousands of customer files online. The actual data appears to be real. And it's vast. One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts' total earnings add up to $110,736,002. One bank executive confirmed the hack to Farooqui, adding that, "This is blackmail." -
One Family Suffering Through Years-Long Trolling Campaign (dailydot.com)
blottsie writes: Since 2010, the Straters have been under assault from an online campaign of ever-increasing harassment — prank deliveries, smear attacks, high-profile hacks, and threats of violence against schools and law enforcement officials in their name — and it's slowly torn them apart. Masterminding it all is a teenage Lizard Squad hacker from Finland, at war with their son, Blair, over a seemingly minor dispute. "When the family started getting notices about their utilities being disconnected, they realized things were escalating out of control. Utility provider Commonwealth Edison once called the house to iron out the details about a request to have the power turned off after a supposed move. Something similar happened with their trash service. On Halloween 2013, Comcast shut off their cable and Internet service."