vanity-fair – Page 22 – Tech Today w/ Ken May

All sent and and received e-mails in Gmail will be analyzed, says Google

Google added a paragraph to its terms of service as of Monday to tell customers that, yes, it does scan e-mail content for advertising and customized search results, among other reasons. The change comes as Google undergoes a lawsuit over its e-mail scanning, with the plaintiffs complaining that Google violated their privacy. E-mail users brought the lawsuit against Google in 2013, alleging that the company was violating wiretapping laws by scanning the content of e-mails. The plaintiffs are varied in their complaints, but some of the cases include people who sent their e-mails to Gmail users from non-Gmail accounts and nonetheless had their content scanned. They argue that since they didn’t use Gmail, they didn’t consent to the scanning. US District Judge Lucy Koh refused Google’s motion to dismiss the case in September. Koh also denied the plaintiffs class-action status in March on the grounds that the ways that Google might have notified the various parties of its e-mail scanning are too varied, and she could not decide the case with a single judgment. Read 2 remaining paragraphs | Comments

Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

SRLabs The heavily marketed fingerprint sensor in Samsung’s new Galaxy 5 smartphone has been defeated by whitehat hackers who were able to gain unfettered access to a PayPal account linked to the handset. The hack, by researchers at Germany’s Security Research Labs , is the latest to show the drawbacks of using fingerprints, iris scans, and other physical characteristics to authenticate an owner’s identity to a computing device. While advocates promote biometrics as a safer and easier alternative to passwords, that information is leaked every time a person shops, rides a bus, or eats at a restaurant, giving attackers plenty of opportunity to steal and reuse it. This new exploit comes seven months after a separate team of whitehat hackers bypassed Apple’s Touch ID fingerprint scanner less than 48 hours after it first became available. “We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge,” Ben Schlabs, a researcher at SRLabs, wrote in an e-mail to Ars. “The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices.” Read 7 remaining paragraphs | Comments

More here:
Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

FBI to have 52 million photos in its NGI face recognition database by next year

The EFF Jennifer Lynch is a senior staff attorney with the Electronic Frontier Foundation and works on open government, transparency and privacy issues, including drones, automatic license plate readers and facial recognition. New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI) —the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans. Read 21 remaining paragraphs | Comments

Taken from:
FBI to have 52 million photos in its NGI face recognition database by next year

Here’s how Windows 8.1 Update tries to give you the right UI on any device

The Windows 8.1 Update that introduces a bunch of interface changes to Windows 8.1 is designed to enhance the experience of mouse and keyboard users, but what about the growing number of happy touch users? About 40 percent (and increasing) of PCs available at retail have a touchscreen (compared to just 4 percent when Windows 8 launched), and for the most part, their buyers enjoy how they work. With touch interfaces a growing part of the Windows ecosystem, Microsoft didn’t want to make the touch experience worse. While many desktop users may want their systems to boot straight to the desktop, this is unlikely to be a popular option for tablet users. Touch laptop users could easily go either way. Microsoft’s goal, therefore, was to pick a sensible default based on the kind of system being used. The way the update does this is based on something called the power platform role , a setting found in the computer’s firmware specified by the manufacturer. For Windows PCs, it will typically be “desktop,” “mobile,” or “slate,” for desktops, laptops, and tablets, respectively. Read 9 remaining paragraphs | Comments

Original post:
Here’s how Windows 8.1 Update tries to give you the right UI on any device

NSA used Heartbleed nearly from the start, report claims [Updated]

Citing two anonymous sources “familiar with the matter,” Bloomberg News reports that the National Security Agency has known about Heartbleed, the security flaw in the OpenSSL encryption software used by a majority of websites and a multitude of other pieces of Internet infrastructure, for nearly the entire lifetime of the bug—“at least two years.” The sources told Bloomberg that the NSA regularly used the flaw to collect intelligence information, including obtaining usernames and passwords from targeted sites. As Ars reported on April 9, there have been suspicions that the Heartbleed bug had been exploited prior to the disclosure of the vulnerability on April 5 . A packet capture provided to Ars by Terrence Koeman , a developer based in the Netherlands, shows malformed Transport Security Layer (TSL) Heartbeat requests that bear the hallmarks of a Heartbleed exploit. Koeman said the capture dates to November of last year. But if the NSA has been exploiting Heartbleed for “at least two years,” the agency would have needed to discover it not long after the code for the TLS Heartbeat Extension was added to OpenSSL 1.0.1, which was released on March 14, 2012. The first “beta” source code wasn’t available until January 3, 2012 . Read 2 remaining paragraphs | Comments

See original article:
NSA used Heartbleed nearly from the start, report claims [Updated]

Appeals court reverses hacker/troll “weev” conviction and sentence [Updated]

Self-portrait by Weev A federal appeals court Friday reversed and vacated the conviction and sentence of hacker and Internet troll Andrew “weev” Auernheimer. The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act, the same law that federal prosecutors were invoking against Aaron Swartz. But, in the end, the Third U.S. Circuit Court of Appeals didn’t squarely address the controversial fraud law and instead said Aeurnheimer was charged in the wrong federal court. Read 4 remaining paragraphs | Comments

See the original article here:
Appeals court reverses hacker/troll “weev” conviction and sentence [Updated]

DNA-based logic gates operate inside cockroach cells

DNA robots crawl across a surface made of DNA. Harvard DNA-based nanotechnology has been around for more than 30 years, but it really took off in 2006, when DNA origami was featured on the cover of Nature . This form of origami, the folding of DNA into 2D and 3D shapes, was more of an art form back then, but scientists are now using the approach to construct nanoscale robots. The basic principle of DNA origami is that a long, single-stranded DNA molecule will fold into a predefined shape through the base-pairing of short segments called staples. All that’s required is to ensure that each staple can find a complementary match to base-pair with at the right location elsewhere in the molecule. This approach can be used to create both 2D and 3D structures. The idea behind the new work is that a DNA origami robot can be programmed to have a specific function based on a key, which can be a protein, a drug, or even another robot. Once the right key and the right robot find each other, the key drives a conformational (structural) change in the robot. The new shape causes the robot to perform a programmed function, such as releasing a drug. Read 7 remaining paragraphs | Comments

View article:
DNA-based logic gates operate inside cockroach cells

Windows 8.1 Update halted to some enterprise users amid WSUS issues

Distribution of the Windows 8.1 Update, Microsoft’s hefty patch for Windows 8.1 that updates the user interface for desktop and mouse users , has been temporarily suspended for some enterprise users after the company discovered that patched systems are no longer able to receive future updates from Windows Server Update Services (WSUS) servers. The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration. WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice. Read 2 remaining paragraphs | Comments

See original article:
Windows 8.1 Update halted to some enterprise users amid WSUS issues

LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Cliff The Los Angeles Police Commission is investigating how half of the recording antennas in the Southeast Division went missing, seemingly as a way to evade new self-monitoring procedures that the Los Angeles Police Department imposed last year. The antennas, which are mounted onto individual patrol cars, receive recorded audio captured from an officer’s belt-worn transmitter. The transmitter is designed to capture an officer’s voice and transmit the recording to the car itself for storage. The voice recorders are part of a video camera system that is mounted in a front-facing camera on the patrol car. Both elements are activated any time the car’s emergency lights and sirens are turned on, but they can also be activated manually. According to the Los Angeles Times , an LAPD investigation determined that around half of the 80 patrol cars in one South LA division were missing antennas as of last summer, and an additional 10 antennas were unaccounted for. Citing a police source, the newspaper said that removing the antennas can reduce the range of the voice transmitters by as much as a third of the normal operating distance. Read 10 remaining paragraphs | Comments

Follow this link:
LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Mascamon at lb.wikipedia Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers , consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL , the world’s most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate. Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high. Read 6 remaining paragraphs | Comments

View article:
Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style