Government

Preventative Treatment For Heartbleed On Healthcare.gov 68

Posted by timothy
from the welcome-to-centralized-medicine-dot-gov dept.
As the San Francisco Chronicle reports, "People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw." Take note, though; the article goes on to immediately point out this does not mean that the HealthCare.gov site has been compromised: "Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page." Also at The Verge
Bug

Bug Bounties Don't Help If Bugs Never Run Out 234

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.
The Internet

The Internet of Things and Humans 54

Posted by Soulskill
from the humans-are-communications-channels-for-our-gadgets dept.
An anonymous reader writes "Speculating on the future of human computer interaction, Tim O'Reilly contemplates how humans and things cooperate differently when things get smarter. He says, '[S]o many of the most interesting applications of the Internet of Things involve new ways of thinking about how humans and things cooperate differently when the things get smarter. It really ought to be called the Internet of Things and Humans ... is Uber an #IoT application? Most people would say it is not; it’s just a pair of smartphone apps connecting a passenger and driver. But imagine for a moment the consumer end of the Uber app as it is today, and on the other end, a self-driving car. You would immediately see that as #IoT. ... Long before we get to fully autonomous devices, there are many “halfway house” applications that are really Internet of Things applications in waiting, which use humans for one or more parts of the entire system. When you understand that the general pattern of #IoTH applications is not just sensor + network + actuator but various combinations of human + network + actuator or sensor + network, you will broaden the possibilities for interfaces and business models.'"
Government

Snowden Queries Putin On Live TV Regarding Russian Internet Surveillance 389

Posted by timothy
from the keep-to-the-script-now dept.
Rambo Tribble (1273454) writes "Edward Snowden appeared on a Russian television call-in show to ask Russian President Vladimir Putin about policies of mass surveillance. The exchange has a canned quality which will likely lead to questions regarding the integrity of Snowden's actions, in the query of his host in asylum."
Books

Ask Slashdot: What Good Print Media Is Left? 284

Posted by Soulskill
from the just-the-crap-in-my-mailbox-every-day dept.
guises writes: "A recent story discussing the cover of Byte Magazine reminded me of just how much we've lost with the death of print media. The Internet isn't what took down Byte, but a lot of other really excellent publications have fallen by the wayside as a result of the shift away from the printed page. We're not quite there yet, though. There seem to still be some holdouts, so I'm asking Slashdot: what magazines (or zines, or newsletters, or newspapers) are still hanging around that are worth subscribing to?"
Google

Google Looked Into Space Elevator, Hoverboards, and Teleportation 98

Posted by Soulskill
from the go-big-or-go-home-on-your-hoverboard dept.
An anonymous reader writes "Google has a huge research budget and an apparent willingness to take on huge projects. They've gotten themselves into autonomous cars, fiber optic internet, robotics, and Wi-Fi balloons. But that raises a question: if they're willing to commit to projects as difficult and risky as those, what projects have they explored but rejected? Several of the scientists working at Google's 'innovation lab' have spilled the beans: '[Mag-lev] systems have a stabilizing structure that keeps trains in place as they hover and move forward in only one direction. That couldn't quite translate into an open floor plan of magnets that keep a hoverboard steadily aloft and free to move in any direction. One problem, as Piponi explains, is that magnets tend to keep shifting polarities, so your hoverboard would constantly flip over as you floated around moving from a state of repulsion to attraction with the magnets. Any skateboarder could tell you what that means: Your hoverboard would suck. ... If scaling problems are what brought hoverboards down to earth, material-science issues crashed the space elevator. The team knew the cable would have to be exceptionally strong-- "at least a hundred times stronger than the strongest steel that we have," by Piponi's calculations. He found one material that could do this: carbon nanotubes. But no one has manufactured a perfectly formed carbon nanotube strand longer than a meter. And so elevators "were put in a deep freeze," as Heinrich says, and the team decided to keep tabs on any advances in the carbon nanotube field.'"
Encryption

Snowden Used the Linux Distro Designed For Internet Anonymity 170

Posted by Soulskill
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"
Government

Is Crimea In Russia? Internet Companies Have Different Answers 299

Posted by timothy
from the now-that-depends-who-you-gentleman-are-with dept.
judgecorp (778838) writes "Three weeks after Russia asserted that Crimea is part of its territory, the social networks have a problem: how to categorise their users from the region? Facebook and the largest Russian social network, Vkontakte, still say Crimeans are located in Ukraine, while other Russian social networks say they are Russians. Meanwhile, on Wikipedia, an edit war has resulted in Crimea being part of Russia, but shaded a different colour to signify the territory is disputed. Search engine Yandex is trying to cover both angles: its maps service gives a different answer, depending on which location you send your query from."
Medicine

Carpenter Who Cut Off His Fingers Makes "Robohand" With 3-D Printer 91

Posted by samzenpus
from the finger-jam dept.
mpicpp (3454017) writes with the ultimate DIY story about a carpenter in South Africa who lost his fingers in an accident, and now runs a company that makes mechanical prosthetics with 3D printing technology. "'I was in a position to see exactly what happens in the human hand. I got the basics of what it's all about and thought yeah, I'll make my own.' Richard van As is recalling the moment in May 2011 when he sat in a Johannesburg hospital waiting to hear if his fingers could be stitched back on. Just an hour earlier, he had been in his carpentry workshop sawing wood when the saw slipped and ripped diagonally through the four fingers on his right hand....After days of scouring the Internet he couldn't find anywhere to buy a functional prosthetic finger and he was astonished at the cost of prosthetic hands and limbs which began in the tens of thousands of dollars. But his online surfing paid off as it brought him to an amateur video posted by a mechanical effects artist in Washington State, by the name of Ivan Owen. Together, the pair developed a mechanical finger for van As, but their partnership has also gone on to benefit countless hand and arm amputees around the globe, through the birth of the company "Robohand." Officially launched in January 2012, Robohand creates affordable mechanical prosthetics through the use of 3D printers. Not only that, but it has made its designs open source, so that anyone with access to such printers can print out fingers, hands and now arms as well.'"
Google

Google Buys Drone Maker Titan Aerospace 41

Posted by samzenpus
from the welcome-to-the-google dept.
garymortimer (1882326) writes "Google has acquired drone maker Titan Aerospace. Titan is a New Mexico-based company that makes high-flying solar powered drones. There's no word on the price Google paid, but Facebook had been in talks to acquire the company earlier this year for a reported $60 million. Presumably, Google paid more than that to keep it away from Facebook. 'Google had just recently demonstrated how its Loon prototype balloons could traverse the globe in a remarkably short period of time, but the use of drones could conceivably make a network of Internet-providing automatons even better at globe-trotting, with a higher degree of control and ability to react to changing conditions. Some kind of hybrid system might also be in the pipeline that marries both technologies.'"
Encryption

Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed 134

Posted by Soulskill
from the thanks-for-providing-zero-clarity dept.
An anonymous reader writes "The White House has joined the public debate about Heartbleed. The administration denied any prior knowledge of Heartbleed, and said the NSA should reveal such flaws once discovered. Unfortunately, this statement was hedged. The NSA should reveal these flaws unless 'a clear national security or law enforcement need' exists. Since that can be construed to apply to virtually any situation, we're left with the same dilemma as before: do we take them at their word or not? The use of such an exploit is certainly not without precedent: 'The NSA made use of four "zero day" vulnerabilities in its attack on Iran's nuclear enrichment sites. That operation, code-named "Olympic Games," managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.' A senior White House official is quoted saying, 'I can't imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.'" Side note: CloudFlare has named several winners in its challenge to prove it was possible to steal private keys using the Heartbleed exploit.
The Internet

Why the IETF Isn't Working 103

Posted by Soulskill
from the maybe-we-should-pay-these-people dept.
An anonymous reader writes "Vidya Narayanan spent seven years working on the Internet Engineering Task Force, and was nominated for the Internet Architecture Board. But she declined the nomination and left the IETF because standards bodies are not able to keep up with the rapid pace of tech development. She says, '[W]hile the pace at which standards are written hasn't changed in many years, the pace at which the real world adopts software has become orders of magnitude faster. Standards, unfortunately, have become the playground for hashing out conflicts and carrying out silo-ed agendas and as a result, have suffered a drastic degradation. ... Running code and rough consensus, the motto of the IETF, used to be realizable at some point. Nowadays, it is as though Margaret Thatcher's words, "consensus is the lack of leadership" have come to life. In the name of consensus, we debate frivolous details forever. In the name of patents, we never finish. One recent case in point is the long and painful codec battles in the WebRTC working group.'"
Businesses

The Comcast/TWC Merger Is About Controlling Information 107

Posted by Soulskill
from the there's-a-party-at-comcast's-house-and-attendance-is-mandatory dept.
An anonymous reader sends this excerpt from The Consumerist: "Comcast and proposed merger partner Time Warner Cable claim they don't compete because their service areas don't overlap, and that a combined company would happily divest itself of a few million customers to keep its pay-TV market share below 30%, allowing other companies that don't currently compete with Comcast to keep not competing with Comcast. This narrow, shortsighted view fails to take into account the full breadth of what's involved in this merger — broadcast TV, cable TV, network technology, in-home technology, access to the Internet, and much more. In addition to asking whether or not regulators should permit Comcast to add 10-12 million customers, there is a more important question at the core of this deal: Should Comcast be allowed to control both what content you consume and how you get to consume it?"
The Internet

Can Web-Based Protests Be a Force for Change? 76

Posted by Soulskill
from the we-come-a-long-way-since-"sign-my-petition" dept.
Lucas123 writes: "Several high profile protests have circulated across the Web in the past few weeks, garnering social and news media attention — and even forcing the resignation of one high-level executive. There are two components driving the trend in Internet protests: They tend to be effective against Web services, and online networks allow people to mobilize quickly. According to a study released last month by Georgetown University's Center for Social Impact Communication, active Web users are likely to do far more for a cause than simply 'like' it on a website. And, because a few clicks can cancel a service, their actions carry weight. But there may be a coming backlash as people can grow tired of online activism; and corporations may also take a more proactive stance in response to them."
United States

Bill Would End US Govt's Sale of Already-Available Technical Papers To Itself 32

Posted by timothy
from the what-and-forgo-the-multiplier-effect? dept.
An anonymous reader writes "Members of the Senate have proposed a bill that would prohibit the National Technical Information Service (NTIS) from selling to other U.S. federal agencies technical papers that are already freely available. NTIS is under the Department of Commerce. The bill is probably a result of a 2012 report by the Government Accountability Office (GAO) which points out that 'Of the reports added to NTIS's repository during fiscal years 1990 through 2011, GAO estimates that approximately 74 percent were readily available from other public sources.' Ars Technica notes that the term 'public sources' refers to 'either the issuing organization's website, the federal Internet portal, or another online resource.'"
Security

NSA Allegedly Exploited Heartbleed 149

Posted by Soulskill
from the according-to-somebody-who-may-or-may-not-be-a-person dept.
squiggleslash writes: "One question arose almost immediately upon the exposure of Heartbleed, the now-infamous OpenSSL exploit that can leak confidential information and even private keys to the Internet: Did the NSA know about it, and did they exploit it if so? The answer, according to Bloomberg, is 'Yes.' 'The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency's toolkit for stealing account passwords and other common tasks.'" The NSA has denied this report. Nobody will believe them, but it's still a good idea to take it with a grain of salt until actual evidence is provided. CloudFlare did some testing and found it extremely difficult to extract private SSL keys. In fact, they weren't able to do it, though they stop short of claiming it's impossible. Dan Kaminsky has a post explaining the circumstances that led to Heartbleed, and today's xkcd has the "for dummies" depiction of how it works. Reader Goonie argues that the whole situation was a failure of risk analysis by the OpenSSL developers.
Government

Canada Introduces Privacy Reforms That Encourage Warrantless Disclosure of Info 99

Posted by samzenpus
from the what-do-you-want-to-know? dept.
An anonymous reader writes "Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. Michael Geist reports that the bill includes a provision that could massively expand warrantless disclosure of personal information. Organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies to both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening). Consider it a gift to copyright trolls, who won't need the courts to obtain information on thousands of Internet users."
The Internet

Photo Web Site Offers a Wall of Shame For Image Thieves 126

Posted by timothy
from the fightin'-words dept.
sandbagger (654585) writes "Stop Stealing Photos is a resource in the pro photographer community for protecting consumers. How? By identifying wannabes who use images in their portfolios that they did not create. In this case, one 'photographer' built a massive social media presence, in many platforms including LinkedIn where he includes System Architecture in his skills. However, such advocacy web sites are very manual and often run by non-programmers. How can the tech community help consumers in protecting them from phoney on-line presences? Or is this vigilantism?"
Canada

Canada Halts Online Tax Returns In Wake of Heartbleed 50

Posted by timothy
from the worse-than-a-syrup-heist dept.
alphadogg (971356) writes "Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week. The country's Minister of National Revenue wrote in a Twitter message on Wednesday that interest and penalties will not be applied to those filing 2013 tax returns after April 30, the last date for filing the returns, for a period equal to the length of the service disruption. The agency has suspended public access to its online services as a preventive measure to protect the information it holds, while it investigates the potential impact on taxpayer information, it said."
Security

Heartbleed OpenSSL Vulnerability: A Technical Remediation 239

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "Since the announcement, malicious actors have been leaking software library data and using one of the several provided PoC codes to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had an opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."
