Australian ISPs Not Ready For Mandatory Data Retention 58

writes: October 13 marks the day Australian ISPs are required by law to track all web site visits and emails of their users, but according to an article on the Australian Broadcasting Corporation's news site the majority of ISPs are not ready to begin mandatory data retention. The article's author, Will Ockenden, had previously released his own metadata to readers in an experiment to see how effectively this kind of data reveals personal habits of online users. The majority of Australians appear unconcerned with this level of scrutiny of their lives, given the minimal reaction to this and proposed tougher legislation designed to deal with the threats of crime and terrorism.

Star Trek: New Voyages, The Fan-Based Star Trek Series 72

An anonymous reader writes: The New York Times has published an article on Star Trek: New Voyages, a fan production that's based on TOS. “People come from all over the world to take part in this — Germany, the United Kingdom, Australia and every state in the union,” said James Cawley, the show’s executive producer. “That’s the magic of Star Trek. It’s spawned this whole generation of fans who went on to professional careers — doctors, lawyers, engineers — who are now participating in that shared love here.” With TOS fans generally being less than enamored with the movie reboots, are fan produced web series the wave of the future?

The Pepsi P1 Smartphone Takes Consumer Lock-In Beyond the App 145

An anonymous reader writes: On the 20th of October Pepsi will launch its own smartphone in China. The P1 is not just a cowling brand, but a custom-made device running Android 5.1 and costing approximately $205. At that price it's almost a burner, but even so it represents new possibilities for a brand to truly control the digital space for its eager consumers in a period where mobile content-blocking is becoming a marketing obstruction, and where there is increasing resistance on Google's part to allow publishers to push web-users from the internet to 'the app'.

Fenno-German 'Sea Lion' Telecom Cable Laying Begins 39

jones_supa writes: A couple of years ago, details began to unfold of a government-backed high capacity data cable between Germany and Finland, which would be routed through the Baltic Sea. The cable has now been nicknamed "Sea Lion," and the work started Monday in Santahamina coastal area, outside Helsinki. The cable was built by Alcatel Lucent and is operated by the Finnish firm Cinia Group. The Finnish government, along with the banking and insurance sector, have together invested €100M into the project. That investment is expected to pay for itself many times over once the business sector gets a boost from the new telecom jump. The new cable also makes Finland independent of the Øresund Bridge, through which all of the country's Internet traffic is currently routed, via Denmark and Sweden. Eventually the new link can reach Asia as well, via the Northeast Passage shipping route.

Why Many CSS Colors Have Goofy Names 67

An anonymous reader writes: Take a look at the list of named colors within the CSS Color Module Level 4. The usual suspects are there, like 'red,' 'cyan,' and 'gold,' as well as some slightly more descriptive ones: 'lightgrey,' 'yellowgreen,' and 'darkslateblue.' But there are also some really odd names: 'burlywood,' 'dodgerblue,' 'blanchedalmond,' and more. An article at Ars walks through why these strange names became part of a CSS standard. Colors have been added to the standard piece by piece over the past 30 years — here's one anecdote: "The most substantial release, created by Paul Raveling, came in 1989 with X11R4. This update heralded a slew of light neutral tones, and it was a response to complaints from Raveling's coworkers about color fidelity. ... Raveling drew these names from an unsurprising source: the (now-defunct) paint company Sinclair Paints. It was an arbitrary move; after failing to receive sanctions from the American National Standards Institute (ANSI), which issued standards for Web color properties, Raveling decided to take matters into his own hands. He calibrated the colors for his own HP monitor. 'Nuts to ANSI & "ANSI standards,"' he complained."

Cryptome Accidentally Leaks Its Own Visitor IP Addresses 40

An anonymous reader writes with this Daily Dot story about an accidental leak of user info from Cryptome. Cryptome, the Internet's oldest document-exposure site, inadvertently leaked months' worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users. The data, which specifically came from the Cartome sub-directory on, according to Cryptome co-creator John Young, made their way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.

Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others 33

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

Linux Foundation: Security Problems Threaten 'Golden Age' of Open Source 74

Mickeycaskill writes: Jim Zemlin, executive director of the Linux Foundation, has outlined the organization's plans to improve open source security. He says failing to do so could threaten a "golden age" which has created billion dollar companies and seen Microsoft, Apple, and others embrace open technologies. Not long ago, the organization launched the Core Infrastructure Initiative (CII), a body backed by 20 major IT firms, and is investing millions of dollars in grants, tools, and other support for open source projects that have been underfunded. This was never more obvious than following the discovery of the Heartbleed OpenSSL bug last year. "Almost the entirety of the internet is entirely reliant on open source software," Zemlin said. "We've reached a golden age of open source. Virtually every technology and product and service is created using open source. Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet."

BBC Optimizing UHD Video Streaming Over IP 71

johnslater writes: A friend at the BBC has written a short description of his project to deliver UHD video over IP networks. The application bypasses the OS network stack, and constructs network packets directly in a buffer shared with the network hardware, achieving a ten-fold throughput improvement. He writes: "Using this technique, we can send or receive uncompressed UHD 2160p50 video (more than 8 Gbps) using a single CPU core, leaving all the rest of the server's cores free for video processing." This is part of a broader BBC project to develop an end-to-end IP-based studio system.

First Successful Collision Attack On the SHA-1 Hashing Algorithm 85

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA-1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.


MIT Master's Program To Use MOOCs As 'Admissions Test' 112

jyosim writes: In what could usher in a new way of doing college admissions at elite colleges, MIT is experimenting with weighing MOOC performance as proof that students should be accepted to on-campus programs. The idea is to fix the "inexact science" of sorting through candidates from all over the world. And it gives students a better sense of what they're getting into: "When you buy a car, you take a test drive. Wouldn't it be a great value for prospective students to take a test course before they apply?" said one academic blogger.

ESR On Why the FCC Shouldn't Lock Down Device Firmware 143

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

IP Address May Associate Lyft CTO With Uber Data Breach 103

An anonymous reader writes: According to two unnamed Reuters sources, the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research 9

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms? 84

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if they were, the exploits would be few and far between instead of everywhere every day. Read below for the rest of tanstaaf1's question.

Wealth of Personal Data Found On Used Electronics Purchased Online 70

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."

Yale Makes Available Online 170,000 Photographs From WWII Period 49

schwit1 writes: Yale University had posted online 170,000 Library of Congress photographs taken in the United States from 1935 to 1945. The photos come from all over the U.S., and can be accessed with this easy-to-use interactive map. They also used the original captions allowing the viewer to get an honest feel for the time period.

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments 41

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

Verizon Is Merging Its Cellphone Tracking Supercookie with AOL's Ad Tracking Network 99

schwit1 writes: ProPublica reports that Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL's ad network, which in turn monitors users across a large swath of the Internet. That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — "your gender, age range and interests." AOL's network is on 40 percent of websites, including on ProPublica.

Scandal Erupts In Unregulated Online World of Fantasy Sports 174

writes: Joe Drape and Jacqueline Williams report at the NYT that a major scandal is erupting in the multibillion-dollar industry of fantasy sports, the online and unregulated business in which an estimated 57 million people participate where players assemble their fantasy teams with real athletes. Two major fantasy sports companies were forced to release statements defending their businesses' integrity after what amounted to allegations of insider trading — that employees were placing bets using information not generally available to the public. "It is absolutely akin to insider trading. It gives that person a distinct edge in a contest," says Daniel Wallach. "It could imperil this nascent industry unless real, immediate and meaningful safeguards are put in place."

In FanDuel's $5 million "NFL Sunday Million" contest this week, DraftKings employee Ethan Haskell placed second and won $350,000 with his lineup that had a mix of big-name players owned by a high number of users. Haskell had access to DraftKings ownership data meaning that he may have seen which NFL players had been selected by DraftKings users, and by how many users. In light of this scandal, DraftKings and FanDuel have, for now, banned their employees from playing on each other's sites. Many in the highly regulated casino industry insist daily fantasy sports leagues are gambling sites and shouldn't be treated any differently than traditional sports betting. This would mean a high amount of regulation. Industry analyst Chris Grove says this may be a watershed moment for a sector that may need the legislation it has resisted in order to prove its legitimacy. "You have information that is valuable and should be tightly restricted," says Grove. "There are people outside of the company that place value on that information. Is there any internal controls? Any audit process? The inability of the industry to produce a clear and compelling answer to these questions to anyone's satisfaction is why it needs to be regulated."