Search
Stories · 93
-
Apple Denies Helping NSA Subvert iPhone
New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said, "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
-
TrueCrypt To Go Through a Crowdfunded, Public Security Audit
An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that if you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that is exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)
-
Building an Opt-In Society
An anonymous reader writes "In a talk at Y Combinator's startup school event, Stanford lecturer Balaji Srinivasan explained his vision for governing systems of the future. The idea is to find space to set up a new 'opt-in' society outside existing governments, and design it to take full advantage of technology to keep people in control of their own lives. That means embracing tech that subverts existing industries and rejecting regulation on new ways of doing things. '[N]ew industries are simultaneously disrupting existing ones while also exiting the system entirely, he says. With 3D printing, regulation is being turned into DRM. With quantified self, medicine is going mobile. With Bitcoin, capital control becomes packet filtering. All of these examples, Srinivasan says, are ways in which technology is allowing people to exit current systems like physical product production and distribution; personal health; and finance in favor of spaces of their own creation.' Srinivasan's ideas are a natural extension of a few proposals already in the works — Peter Thiel has been trying to build a small tech incubator city that floats in international waters, outside of government control. Elon Musk wants to have a Mars colony, and Larry Page has wished for a tech-centric Burning man that's free from government regulation. 'The best part is this,' Srinivasan said. 'The people who think this is weird, the people who sneer at the frontier, who hate technology, won't follow you there.'"
-
How PR Subverts Wikipedia
Daniel_Stuckey writes "We all know that Wikipedia can be subverted—it’s an inevitability of an open platform that some people will seek to abuse it, whether to gain some advantage or just for a laugh. Fortunately, the Wikipedia community has strong mechanisms in place to deal with this, from the famous cry of [citation needed] to the rigorous checks and standards put in place by its hierarchy of editors and admins. In recent months though, Insiders have encountered something altogether more worrying: a concerted attack on the very fabric of Wikipedia by PR companies that have subverted the online encyclopedia's editing hierarchy to alter articles on a massive scale—perhaps tens of thousands of them. Wikipedia is the world's most popular source of cultural, historical, and scientific knowledge—if their fears are correct, its all-important credibility could be on the line... Adam Masonbrink, a founder and Vice-President of Sales at Wiki-PR, boasts of new clients including Priceline and Viacom. Viacom didn't respond ... but Priceline — a NASDAQ listed firm with over 5,000 employees and William Shatner as their official spokesman — did. Sadly, Priceline didn't choose to respond to us via Captain Kirk; instead Leslie Cafferty, vice president of corporate communications and public relations, admitted, 'We are using them to help us get all of our brands a presence because I don't have the resources internally to otherwise manage.'"
-
UK Cryptographers Call For UK and US To Out Weakened Products
Trailrunner7 writes "A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries' intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ 'have been acting against the interests of the public that they are meant to serve.' The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products."
-
Ask Slashdot: Can We Still Trust FIPS?
First time accepted submitter someSnarkyBastard writes "It has already been widely reported that the NSA has subverted several major encryption standards but I have not seen any mention of how this affects the FIPS 140-2 standard. Can we still trust these cyphers? They have been cleared for use by the US Government for Top-Secret clearance documents; surely the government wouldn't backdoor itself right?...Right?"
-
Ask Slashdot: How To Stay Ahead of Phone Tracking?
An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent?"
-
Apple Loses the iPad Mini Trademark
An anonymous reader writes in with bad news for Apple. "It would appear that Apple has lost an attempt to trademark the 'iPad Mini.' This time it's not nefarious foreigners subverting the just order of things simply by trademarking something several years before Apple did. No, that was what happened in Brazil with the IFone. Nor is it people nefariously selling the rights to everywhere but China but Apple's lawyers didn’t notice, as happened with iPad in China. No, this time it's the U.S. Patents and Trademarks Office saying that Apple simply cannot have a trademark on 'iPad Mini.' For the simple reason that the law doesn't allow them to trademark something which is just a description of the product."
-
Hacker vs. Counter-Hacker — a Legal Debate
Freddybear writes "If your computer has been cracked and subverted for use by a botnet or other remote-access attack, is it legal for you to hack back into the system from which the attack originated? Over the last couple of years three legal scholars and bloggers have debated the question on The Volokh Conspiracy weblog. The linked webpage collects that debate into a coherent document. 'The debaters are:
- Stewart Baker, a former official at the National Security Agency and the Department of Homeland Security, a partner at Steptoe & Johnson with a large cybersecurity practice. Stewart Baker makes the policy case for counterhacking and challenges the traditional view of what remedies are authorized by the language of the CFAA.
- Orin Kerr, Fred C. Stevenson Research Professor of Law at George Washington School of Law, a former computer crimes prosecutor, and one of the most respected computer crime scholars. Orin Kerr defends the traditional view of the Act against both Stewart Baker and Eugene Volokh.
- Eugene Volokh, Gary T. Schwartz Professor of Law at UCLA School of Law, founder of the Volokh Conspiracy, and a sophisticated technology lawyer, presents a challenge grounded in common law understandings of trespass and tort.'"
-
Plans For Widespread Monitoring of Communication In Europe Revealed
TrueSatan writes "A leak from the Clean IT project reveals how it has been subverted from its original, much more innocuous, goals into a surveillance horror story with democratic freedoms and personal rights being the victims." The leaked document in question. Gems include member states repealing anti-filtering laws and a mandate that ISPs be held liable for not reporting terrorist use of their networks. The Clean IT Project counters that there's nothing to see here (amazingly, through a series of tweets with a journalist).
-
Malware Used in Aramco Attack Likely Work of Amateurs
wiredmikey writes with this excerpt from Security Week: "The Disttrack/Shamoon malware, while destructive, appears to be the work of amateurs and not elite and sophisticated developers, according to the latest analysis. The malware proved that it was possible for developers to subvert legitimate kernel-mode applications for malicious purposes, but it appears that the malware could have been even more destructive and dangerous, if it had not been for a series of programming mistakes in the code, according to recent analysis from Kaspersky Lab. Other suggestions that the developers behind the Shamoon malware are not high-profile programmers include that the command-and-control server is hard-coded as two addresses, which limits the tool since if the address ever changes, the infected machine can no longer receive instructions. The developers were most likely motivated by political reasons, as the malware overwrote existing files with a fragment of an image of a burning American flag. The malware has also been reported to be linked to the recent Saudi Aramco attack, which some reports have suggested that insiders may have been partly involved. Saudi Aramco hasn't officially said what type of malware hit its systems."
-
'Antimagnet' Cloak Hides Objects From Magnetic Fields
ananyo writes "Researchers have made a cloak that can hide objects from static magnetic fields, realizing a theoretical prediction they made last year. This 'antimagnet' could have medical applications, but could also be used to subvert airport security. The cloak's interior is lined with turns of tape made from a high-temperature superconductor. Superconductors repel magnetic fields, so any magnetic field enclosed within a superconductor would be undetectable from outside. But the superconductor itself would still perturb an external magnetic field, so the researchers coated its external side with an ordinary ferromagnet. The superconductor tries to repel external field lines, whereas the ferromagnet tries to draw them in — together, the two layers cancel each other out (abstract)."
-
Is Retaliation the Answer To Cyber Attacks?
coondoggie writes "Should revenge assaults be just another security tool large IT shops use to counter cyber attacks? It's a controversial idea, and the law generally frowns on cyber attacks in general, but at the Black Hat DC conference last week, some speakers took up the issue of whether and how organizations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security."
-
Disempowering the Singular Sysadmin?
An anonymous reader writes "Practically every computer system appears to be at the mercy of at least one individual who holds root (or whatever other superuser identity can destroy or subvert that system). However, making a system require multiple individuals for any root operation (think of the classic two-key process to launch a nuke) has shortcomings: simple operations sometimes require root, and would be enormously cumbersome if they needed a consensus of administrators to execute. There is the idea of a Distributed Administration Network, which is like a cluster of independently administered servers, but this is a limited case for deployment of certain applications. And besides, DAN appears still to be vaporware. Are there more sweeping yet practical solutions out there for avoiding the weakness of a singular empowered superuser?"
-
23 Years of Culture Hacking With Perl
Modern Perl writes "Larry Wall, the creator of Perl, reflects on Perl's history of hacking its culture, from subverting the reductionist culture of Unix to reinventing the ideas of programming language and culture in Perl 6 and the verbal aikido used to encourage honest detractors to become valuable contributors. Perl turned 23 years old last week, and Perl 6 is available."
-
Some Countries Want To Ban 'Information Weapons'
DrgnDancer sends in an NPR piece on recent efforts to control so-called "information weapons" on the Internet. What's interesting is that the term "information weapon," as defined by many of the countries trying to limit them, doesn't mean what you would think. It's closer to the old Soviet term "ideological aggression." "At a UN disarmament conference in 2008, Sergei Korotkov of the Russian Defense Ministry argued that anytime a government promotes ideas on the Internet with the goal of subverting another country's government — even in the name of democratic reform — it should qualify as 'aggression.' And that, in turn, would make it illegal under the UN Charter. 'Practically any information operation conducted by a state or a number of states against another state would be qualified as an interference into internal affairs,' Korotkov said through an interpreter. 'So any good cause, like [the] promotion of democracy, cannot be used as a justification for such actions.' The Russians, and a lot of other countries such as Iran and China, apparently consider the free exchange of information to be an information technology threat. One that must be managed by treaty."
-
Tunneling Under the Great Firewall?
An anonymous reader writes "I am traveling to China in the near future, and needless to say as a Slashdot reader I am going to require access to the Internet. The whole, unadulterated, unfiltered Internet. Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that). I will only be there for a few weeks, and will not be using the computer for much of that time, so I don't want to shell out a lot of money to a VPN service. However I also don't want to be hindered by extremely slow speeds such as those provided by the Tor network. I have experience implementing Web servers and work fairly often with Linux; however, many of my friends who also face the same dilemma don't. What would be the most cost-effective (free is best) method for me to subvert the Great Firewall during my travels while maintaining sufficient anonymity and enjoying sufficient speed?"
-
China Explains Internet Situation In Whitepaper
eldavojohn writes "In a new whitepaper, China has declared the Internet to be 'the crystallization of human wisdom' and officially issued what appears to be a defense of its policies on Web censorship, while at the same time making contradicting statements like 'Chinese citizens fully enjoy freedom of speech on the Internet' and (in the same paper) 'Laws and regulations clearly prohibit the spread of information that contains content subverting state power, undermining national unity, [or] infringing upon national honor and interests.' The paper also claims some questionable superlatives such as 'China is one of the countries suffering most from hacking.' On the positive side, this 31-page document might be offered as an operating guide for businesses, like Google, looking to understand exactly what the law is surrounding the Internet in China. The document is a rare glimpse of transparency in China's regulations."
-
Five Years of YouTube and Forced Evolution
NakNak writes to mention that the DailyMaverick has a feature looking back at five years of YouTube, some of the massive changes that have been forced through as a result of its overwhelming popularity, and what changes might be necessary going forward. "Google, which bought YouTube less than two years after it was founded for what was then considered outrageously expensive $1.65 billion, does not want Microsoft or Apple (or anybody else) to own the dominant video format. So it has become the biggest early tester of HTML5. Your browser doesn't support HTML5? Google launches its own browser, Chrome. Need to use Internet Explorer at work because that's all your IT department supports? Google launches a Chrome framework that effectively subverts IE and makes it HTML5-compatible. The final blow will be the day that YouTube switches off Flash and starts streaming only to HTML5 browsers. On that day all browsers will be HTML5 compatible or they will perish in the flames of user outrage."
-
Subverting Fingerprinting
squizzar writes in with news of a 27-year-old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?