cold fjord writes “A healthcare provider has sued the Internal Revenue Service and 15 of its agents, charging they wrongfully seized 60 million medical records from 10 million Americans … [The unnamed company alleges] the agency violated the Fourth Amendment in 2011, when agents executed a search warrant for financial data on one employee – and that led to the seizure of information on 10 million, including state judges. The search warrant did not specify that the IRS could take medical information, UPI said. And information technology officials warned the IRS about the potential to violate medical privacy laws before agents executed the warrant, the complaint said.” Also at Nextgov.com.
Archive for the ‘reader’ Category
The answer may be surprising to some, but according to leading security firm NSS Labs, there’s a new champ in town. NSS Labs tested the top 5 browsers on the market today: Apple Safari, Google Chrome, Microsoft Internet Explorer 10, Mozilla Firefox 19 and Opera 12, to see how they would respond to “live” testing. Each browser was pointed to a series of 900+ URLs that had known infections embedded in their sites. At the end of testing, guess what? IE 10 FTW! Yeah, you read that right. IE 10 crushed everyone. IE 10 blocked a whopping 99.96% of the infested sites, followed by Chrome at 83.16% (respectable), Safari at 10.15%, Firefox at 9.92% and Opera pulling up the rear at a measly 1.87% effective rate.
It’s hard not to be curious about the true identity of Bitcoin creator Satoshi Nakamoto, since he or she basically just stuck around on the internet long enough to introduce Bitcoin/get everyone all riled up and then disappeared. But Ted Nelson, the sociologist who invented the term “hypertext,” thinks he knows who Nakamoto really is, and in the video below he calls out Japanese mathematician Shinichi Mochizuki.
That cat’s out of the bag a day early, it seems. Yahoo’s board has approved a $1.1 billion cash deal to purchase the blogging site Tumblr, according to The Wall Street Journal. We were expecting Yahoo to announce the acquisition during tomorrow’s NYC media event — CEO Marissa Mayer may instead use the last-minute gathering to detail the company’s plans for integrating the popular platform. It’s unclear how Yahoo intends to utilize its latest procurement, but with a 10-figure price tag now public, we can only imagine that Tumblr will be put to good use. We’ll be covering tomorrow afternoon’s event live, so stay tuned for more details from New York City.
hypnosec writes with report of the possible theft of up to 22 million user IDs revealed by Yahoo! Japan. That scale is massive, but, he writes, “According to Yahoo, the information that was stolen didn’t have passwords or any other information that would allow unauthorized users to carry out user identity verification.” A story at the Japan Times adds a bit more detail.
Imagine a future where solar panels speed off the presses, like newspaper. Australian scientists have brought us one step closer to that reality. Researchers from the Victorian Organic Solar Cell Consortium (VICOSC) have developed a printer that can print 10 meters of flexible solar cells a minute. Unlike traditional silicon solar cells, printed solar cells are made using organic semi-conducting polymers, which can be dissolved in a solvent and used like an ink, allowing solar cells to be printed. Not only can the VICOSC machine print flexible A3 solar cells, the machine can print directly on to steel, opening up the possibility for solar cells to be embedded directly into building materials.
An anonymous reader writes “In a decision that’s almost certainly going to result in this issue heading up to the Supreme Court, the Federal 1st Circuit Court of Appeals [Friday] ruled that police can’t search your phone when they arrest you without a warrant. That’s contrary to most courts’ previous findings in these kinds of cases where judges have allowed warrantless searches through cell phones.” (But in line with the recently mentioned decision in Florida, and seemingly with common sense.)
In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem — through much of the 1990s, AT&T’s CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company’s switches to listen in on the highest levels of government. But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility — it doesn’t matter if you can intercept someone else’s phone calls or network traffic if the data you’ve captured is unbreakably scrambled. In response, the FBI has floated the idea of “CALEA II”: a mandate to put wiretapping capabilities in computers, phones, and software. As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it’s doing this, it puts you at huge risk when that facility is hijacked by criminals.
It doesn’t matter if you trust the government not to abuse this power (though, for the record, I don’t — especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) — deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

“Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss. Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system. Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.”

Felten’s remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI’s proposal.
It’s an important read — maybe the most important thing you’ll read all month. If you can’t trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints