Gov. Rick Perry is expected to sign the e-mail privacy bill, which passed both houses of the state legislature without a single “nay” vote.

Assuming that Texas Governor Rick Perry does not veto it, the Lone Star State appears set to enact the nation’s strongest e-mail privacy bill, requiring state law enforcement agencies to get a warrant for all e-mails, regardless of the age of the e-mail.

On Tuesday, the Texas bill (HB 2268) was sent to Gov. Perry’s desk, where he has until June 16, 2013 to sign it or veto it—if he does neither, it will pass automatically, taking effect on September 1, 2013. The bill would give Texans more privacy over their inbox to shield against state-level snooping, but the bill would not protect against federal investigations. The bill passed both houses of the state legislature earlier this year without a single “nay” vote.

This new bill, if signed, will make Texas law more privacy-conscious than the much-maligned (but frustratingly still in effect) 1986-era Electronic Communications Privacy Act (ECPA), where federal law enforcement agencies are only required to get a warrant to access recent e-mails before they are opened by the recipient.
Read More:
Unprecedented e-mail privacy bill sent to Texas governor’s desk
Ars Technica’s Dan Goodin follows up on Nate Anderson’s excellent piece on the nuts and bolts of password cracking with a further attempt to decrypt an encrypted password file leaked from LivingSocial, this time with the aid of experts. The password file they were working on was encrypted with the relatively weak (and now deprecated) SHA1 hashing algorithm, and they were only attacking it with a single GPU on a commodity PC, and were able to extract over 90% of the passwords in the file. The discussion of the guesswork and refinement techniques used in extracting passwords is absolutely fascinating and really is a must-read. However, the whole exercise is still a bit inconclusive — in the end, we know that a badly encrypted password file is vulnerable to an underpowered password-cracking device. But what we need to know is whether a well-encrypted password file will stand up to a good password-cracking system.

The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack “momof3g8kids” because he had “momof3g” in his 111 million dict and “8kids” in a smaller dict…

What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as “k1araj0hns0n,” “Sh1a-labe0uf,” “Apr!l221973,” “Qbesancon321,” “DG091101%,” “@Yourmom69,” “ilovetofunot,” “windermere2313,” “tmdmmj17,” and “BandGeek2014.” Also included in the list: “all of the lights” (yes, spaces are allowed on many sites), “i hate hackers,” “allineedislove,” “ilovemySister31,” “iloveyousomuch,” “Philippians4:13,” “Philippians4:6-7,” and “qeadzcwrsfxv1331.” “gonefishing1125” was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, “You won’t ever find it using brute force.”

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”
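The combinator idea quoted above can also be used defensively, as a check when a user sets a password: reject any candidate that is one blocklist entry followed by another. The sketch below is an added example, not code from the Ars Technica article or the post quoting it; the word lists and function names are constructed for illustration.

```python
"""Password-set-time check: is the candidate reachable by a combinator attack?"""

# Constructed sample lists; a real deployment would load its own blocklists.
BIG_LIST = {"momof3g", "gonefishing", "ilove", "band", "geek"}
SMALL_LIST = {"8kids", "1125", "2014", "you"}


def combinator_keyspace(left, right):
    """Guesses a combinator run makes: every left word paired with every right word."""
    return len(left) * len(right)


def combinator_split(password, left, right, ignore_case=True):
    """Return (left_word, right_word) if password is one list entry followed by
    another, else None. Costs O(len(password)) set lookups, not a full enumeration."""
    pw = password.lower() if ignore_case else password
    if ignore_case:
        left = {w.lower() for w in left}
        right = {w.lower() for w in right}
    for i in range(1, len(pw)):
        head, tail = pw[:i], pw[i:]
        if head in left and tail in right:
            return head, tail
    return None


def check_new_password(password, left=BIG_LIST, right=SMALL_LIST):
    """Reject candidates that either ordering of the two lists would produce."""
    hit = combinator_split(password, left, right) or combinator_split(password, right, left)
    if hit:
        return False, f"two list entries joined: {hit[0]!r} + {hit[1]!r}"
    return True, "not a two-word combination of the configured lists"


if __name__ == "__main__":
    # One list against itself gives the "square of the number of words" figure.
    print(combinator_keyspace(BIG_LIST, BIG_LIST), combinator_keyspace(BIG_LIST, SMALL_LIST))
    for candidate in ("momof3g8kids", "gonefishing1125", "qeadzcwrsfxv1331"):
        print(candidate, check_new_password(candidate))
```

A pass from this check only means the candidate is not a two-entry concatenation of the configured lists; it says nothing about other guessing strategies.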
More than two dozen advanced weapons systems were accessed, although documents obtained by The Washington Post do not indicate whether the breaches occurred on government or contractor networks.