Quitting + failures + a microscope in the living room = Nobel Prize

Murray Hill, NJ—When the Nobel Prizes were handed out last year, there was clearly an interesting story behind Eric Betzig, who won in chemistry for his work in developing a microscope that could image well beyond the diffraction limit. Betzig, it was noted, took time out of his scientific career to work in his father’s machine tool business for a number of years. That break occurred after he left Bell Labs in New Jersey. Yesterday, his former home had him back in order to honor him, along with its seven other Nobel winners. Betzig got a prime speaking slot, and he used it to fill in the details of his long odyssey. Although his time at Bell Labs ended with him quitting science, it was clear that his time there was essential to his career’s eventual resurrection. Betzig started at Bell Labs after finishing his PhD at Cornell (the person who hired him, Horst Störmer, went on to win a Nobel as well). At the time, he was working on what’s termed “near field” microscopy, where, as he described it, a lens with a tiny aperture is jabbed right up against a sample; images are built by scanning the imaging tip across the sample. To make these tips, he’d been coating glass pipettes with aluminum; once at Bell Labs, he switched to something that was in easy supply there: optical fibers.


US, European police take down highly elusive botnet known as Beebone

US and European police have shut down a botnet that provided a captive audience of backdoored PCs to criminals who were looking for an easy way to quickly install malware on large numbers of computers. The takedown of the Beebone botnet is something of a coup because the underlying malware was so resistant to detection. Polymorphic downloader software at the heart of the malicious program updated itself as many as 19 times a day. Beebone also relied on a pair of programs that re-downloaded each other, acting as an insurance policy should one of them be removed, authorities told the Associated Press. “From a techie’s perspective, they made it as difficult as they possibly could for us,” a Europol advisory told the news organization. The takedown was a joint operation that involved the US FBI, Europol’s European Cybercrime Center, and private security groups including Kaspersky Lab, Shadowserver, and McAfee.


Price of WoW gold plummets in first day of “official” trading

Just over a day after Blizzard introduced the first official method for converting dollars into World of Warcraft gold, the real-world price for the in-game currency has already plummeted 27 percent from the initial position set by Blizzard. For most of World of Warcraft’s history, the only way to buy in-game gold with real currency was to go through one of many gray market third-party services (which technically goes against Blizzard’s terms of service for the game). That was true until yesterday, when Blizzard introduced a $20 game time token that can be sold for gold at the in-game auction house on North American servers (European servers will get the feature at a later date). While the real world price of those tokens is fixed at $20, the gold price is “determined dynamically based on supply and demand,” as Blizzard puts it. To start the market off, Blizzard set the price of a $20 token at 30,000 gold. That gold price increased incrementally for a few hours before plummeting precipitously starting yesterday evening in the US. As of this writing, just over 24 hours after the markets opened, that initial price has fallen over 27 percent to 21,739 gold, according to an API-based tracking site.


YouTube planning subscription service for ad-free videos

According to an e-mail sent to YouTube content creators, the video platform is looking to launch a subscription-based service that will permit viewers to bypass pre-roll ads on videos. It’s unclear how much the subscription will cost per month, but Bloomberg reports that revenue from the feature will be shared with content creators, as a supplement to advertising revenue from viewers who choose not to pay for the subscription service. An anonymous source told Bloomberg that the service could launch as early as this year. Venture Beat noted that an update to the terms of service for YouTube program partners said that the company would share 55 percent of its revenue with creators. What an individual creator gets back from that pool would be based on “a percentage of the monthly views or watchtime of all or a subset of participating content in the relevant subscription offering (as determined by YouTube).”


FBI would rather prosecutors drop cases than disclose stingray details

Not only is the FBI actively attempting to stop the public from knowing about stingrays, it has also forced local law enforcement agencies to stay quiet even in court and during public hearings, too. An FBI agreement, published for the first time in unredacted form on Tuesday, clearly demonstrates the full extent of the agency’s attempt to quash public disclosure of information about stingrays. The most egregious example of this is language showing that the FBI would rather have a criminal case be dropped to protect secrecy surrounding the stingray. Relatively little is known about how, exactly, stingrays, known more generically as cell-site simulators, are used by law enforcement agencies nationwide, although new documents have recently been released showing how they have been purchased and used in some limited instances. Worse still, cops have lied to courts about their use. Not only can stingrays be used to determine location by spoofing a cell tower, they can also be used to intercept calls and text messages. Typically, police deploy them without first obtaining a search warrant.


Dell support software gets flagged by antivirus program

Diagnostic software preinstalled on many Dell computers is now being flagged as a potentially unwanted program by antivirus program Malwarebytes following the discovery of a vulnerability that allows attackers to remotely execute malicious code on older versions. The application known as Dell System Detect failed to validate code before downloading and running it, according to a report published last month by researcher Tom Forbes. Because the program starts itself automatically, a malicious hacker could use it to infect vulnerable machines by luring users to a booby-trapped website. According to researchers with AV provider F-Secure, the malicious website need only have contained the string “dell” somewhere in its domain name to exploit the weakness. www.notreallydell.com was just one example of a site that would have worked. Dell released an update in response to Forbes’s report, but even then, users remained vulnerable. That’s because the updated program still accepted downloads from malicious sites that had a subdomain with “dell” in it, for instance, a.dell.fakesite.ownedbythebadguys.com.


New York woman can send divorce papers via Facebook

A New York County Supreme Court judge ruled that 26-year-old nurse Ellanora Baidoo can serve divorce papers (PDF) to her soon-to-be ex-husband, Victor Sena Blood-Dzraku, via Facebook. The ruling is one of the first of its kind, and it comes at a time when even standard e-mail is still not “statutorily authorized” as a primary means of service, the judge wrote. A number of courts have allowed plaintiffs to use Facebook as supplemental means of service since at least 2013, but Baidoo has requested that the social media service be the primary and only means of telling Blood-Dzraku that she wants a divorce. The circumstances for the decision are unique, however. As the New York Daily News reported, Baidoo and Blood-Dzraku, both Ghanaian, were married in a civil service in 2009, but when Blood-Dzraku refused to marry in a traditional Ghanaian wedding ceremony, the relationship ended. The two never lived together, and Blood-Dzraku only kept in touch with Baidoo via phone and Facebook.


Large Hadron Collider restarts after 2 years of maintenance

After being shut down for two years, the Large Hadron Collider (LHC) is back online, CERN announced Sunday. “Today at 10:41am [local time], a proton beam was back in the 27-kilometer ring, followed at 12:27pm by a second beam rotating in the opposite direction,” the European Organization for Nuclear Research reported in a statement. “These beams circulated at their injection energy of 450 GeV. Over the coming days, operators will check all systems before increasing energy of the beams.”


Change.org springs a leak, exposes private e-mail addresses

Online petitions service Change.org has a website bug that’s disclosing as many as 40,000 e-mail addresses that presumably belong to current or former subscribers. The disclosure bug was active at the time this post was being prepared and is exploitable using the search box provided on the site or via Google or Bing. The number of results returned ranged from 40,000 to 65,000, although not every result included an e-mail address. Still, a large number of them returned pages like the one above, which Ars has redacted out of fairness to the affected e-mail user. The leak appears to be the result of Change.org Web links that contain valid GET request tokens used to validate users after they have successfully entered their password. A bug appears to be adding the tokens automatically, even when the viewer hasn’t been authenticated. The following screenshot shows a portion of the token in the address bar:


TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group. “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report. “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”
