Comments: 62 +-   Facebook Axes "Beacon," Donates $9.5M To Settle Suit on Tuesday December 08, @07:39PM

Posted by kdawson on Tuesday December 08, @07:39PM
from the all-your-data-are-you-know-the-rest dept.
alphadogg sends in a Network World piece that begins "Facebook has agreed to shut down a program that sparked a lawsuit alleging privacy violations, and set up a $9.5M fund for a nonprofit foundation that will support online privacy, safety, and security. The lawsuit centers around Facebook's Beacon program, which let third-party Web sites distribute 'stories' about users to Facebook. Beacon was launched in November 2007 and less than a year later plaintiffs filed a class action lawsuit 'alleging that Facebook and its affiliates did not give users adequate notice and choice about Beacon and the collection and use of users' personal information.' ... Facebook never admitted wrongdoing but as part of a proposed settlement the company began sending notices to Facebook users this week. The settlement provides no compensation directly to users who receive the notice. Facebook users can opt out of the settlement, and should do so if they wish to pursue further legal action against Facebook related to the Beacon program. 'If you choose to do nothing and remain in the settlement class, you will be legally bound by the settlement,' a FAQ on the settlement Web site says. 'By doing nothing, you will be giving up the right to sue Facebook and the other Defendants over claims related to or arising out of the Beacon program.'" Other defendants included Blockbuster, Fandango, Overstock.com, Zappos.com, and Gamefly. Neither the article nor the settlement site mentions what part, if any, they play in the settlement.

Comments: 205 +-   Microsoft To Get Malware Bailout In Germany on Tuesday December 08, @04:36PM

Posted by kdawson on Tuesday December 08, @04:36PM
from the you-broke-it-you-fix-it dept.
microsoft
hweimer writes "The German government plans on paying to set up a call center to help Windows users with malware infections. I think this has the effect of being a malware bailout for Microsoft, discouraging them and other software companies from writing better code and giving users little incentive to switch to more secure alternatives. How much government money is needed to run the call center is also not revealed." The call center, running in cooperation with ISPs (but not manufacturers), is envisioned to have a staff of about 40.

Comments: 585 +-   TSA's Sloppy Redacting Reveals All on Tuesday December 08, @12:03AM

Posted by kdawson on Tuesday December 08, @12:03AM
from the hire-a-competent-clerk-why-don'tcha dept.
security
A travel blog breaks the story of a poor job of redacting by the TSA: they posted a PDF of airport screening policies, with certain sections blacked out — not realizing that simply laying a black rectangle over the text is hardly sufficient. Cryptome has posted a copy with the redaction removed (ZIP).

Comments: 169 +-   Subverting Fingerprinting on Monday December 07, @08:15PM

Posted by kdawson on Monday December 07, @08:15PM
from the on-a-stalk dept.
privacy
squizzar writes in with news of a 27-year-old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?

Comments: 173 +-   WPA-PSK Cracking As a Service on Monday December 07, @07:31PM

Posted by kdawson on Monday December 07, @07:31PM
from the get-out-of-the-cafe-quicker dept.
encryption
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"

Comments: 110 +-   Confessions of a Public Speaker on Monday December 07, @03:02PM

Posted by samzenpus on Monday December 07, @03:02PM
from the read-all-about-it dept.
bookreview
brothke writes "While there is a plethora of books such as Public Speaking for Dummies, and many similar titles, Confessions of a Public Speaker is unique in that it takes a holistic approach to the art and science of public speaking. The book doesn't just provide helpful hints, it attempts to make the speaker, and his associated presentation, compelling and necessary. Confessions is Scott Berkun's first-hand account of his many years of public speaking, teaching and television appearances. In the book, he shares his successes, failures, and many frustrating experiences, in the hope that the reader will be a better speaker for it." Keep reading for the rest of Ben's review.

Comments: 267 +-   How Does the New Google DNS Perform? (and Why?) on Monday December 07, @11:17AM

Posted by CmdrTaco on Monday December 07, @11:17AM
from the all-your-data-are-belong-to-me dept.
google
Tarinth writes "Google just announced its new Google DNS platform. Many have viewed this as a move to increase ad revenue, or maybe capture more data. This article explores those questions, as well as the actual benchmarking results for Google DNS — showing that it is faster than many, but not nearly as fast as many others." We also recently discussed security implications of the Google Public DNS.

Comments: 404 +-   Ambassador Claims ACTA Secrecy Necessary on Monday December 07, @10:26AM

Posted by CmdrTaco on Monday December 07, @10:26AM
from the censorship-is-tricky dept.
censorship
I Don't Believe in Imaginary Property writes "According to Ambassador Ron Kirk, the head of US Trade Representatives, the secrecy around the ACTA copyright treaty is necessary because without that secrecy, people would be 'walking away from the table.' If you don't remember, that treaty is the one where leaks indicate that it may contain all sorts of provisions for online copyright enforcement, like a global DMCA with takedown and anti-circumvention restrictions, three-strikes laws to terminate offending internet connections, and copyright cops. FOIA requests for the treaty text have been rebuffed over alleged 'national security' concerns. One can only hope that what he has said is true and that sites like Wikileaks will help tear down the veil of secrecy behind which they're negotiating our future."

Comments: 173 +-   Facebook ID Probe Shows Things Getting Worse on Monday December 07, @09:44AM

Posted by CmdrTaco on Monday December 07, @09:44AM
from the what-is-a-friend-anyway dept.
security
An anonymous reader writes "According to Sophos, Facebook users are getting sloppier with their personal info, not better. Revisiting a 2007 survey in which a plastic frog got 87 hits out of 200 friend requests, this time a rubber duck and a cat got 87 out of 200 friend requests, plus a bonus 8 friends who decided to trust them anyway. The research also suggests that older Facebook users are sloppier than the young, being keener to build their list of friends. (The older users had more than 4x the friends each, on average, than the young.)"

Comments: 136 +-   Hackers vs. Phishers on Monday December 07, @08:57AM

Posted by CmdrTaco on Monday December 07, @08:57AM
from the better-than-predator-vs-alien dept.
security
An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."

Comments: 78 +-   Open Source Attempt To Crack GSM Encryption on Saturday December 05, @03:24PM

Posted by timothy on Saturday December 05, @03:24PM
from the phone-you-break-could-be-your-own dept.
encryption
Lexta writes with an interesting tidbit from IEEE Spectrum: "'Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system.' The intended approach is to create an open source project to spread the computation of a giant look-up table across more than 80 machines. Interestingly, they've openly stated that nVidia's CUDA technology will be used to execute parallel elements of the problem on GPUs as well."

Comments: 213 +-   A Look At the Safety of Google Public DNS on Friday December 04, @11:35AM

Posted by kdawson on Friday December 04, @11:35AM
from the random-enough-maybe dept.
security
darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

Comments: 103 +-   Spain's Proposed Internet Law Sparks Protest, Change on Friday December 04, @04:37AM

Posted by timothy on Friday December 04, @04:37AM
from the passion-of-gen-y dept.
internet
[rvr] writes "Last Monday, the Spanish Government published the latest draft for the Sustainable Economy Act, which would enable a Commission dependent on the Ministry of Culture to take down websites without a court order, in cases of Intellectual Property piracy. On Wednesday, using Google Wave, a group of journalists, bloggers, professionals and creators composed and issued a Manifesto in Defense of Fundamental Rights on the Internet, stating that 'Copyright should not be placed above citizens' fundamental rights to privacy, security, presumption of innocence, effective judicial protection and freedom of expression.' Quickly, more than 50,000 blogs and sites re-published the manifesto. On Thursday morning, the Ministry of Culture Ángeles González Sinde (former president of the Spanish Academy of Motion Picture Arts and Sciences) organized a meeting with a group of Internet experts and signers of the Manifesto. The meeting was narrated in real time via Twitter and concluded without any agreement. On Thursday afternoon, the Prime Minister's staff had a private meeting with the Ministry of Culture and some party members (who also expressed their opposition to the draft). Finally, Spain's Prime Minister José Luis Rodríguez Zapatero announced in a press meeting that the text will be changed and a court order will continue to be a requirement, but [the government] still will search for ways to fight Internet piracy."

Comments: 126 +-   Malware Could Grab Data From Stock iPhones on Friday December 04, @01:20AM

Posted by timothy on Friday December 04, @01:20AM
from the swamp-of-bog-standard dept.
security
Ardisson writes "Swiss iPhone developer Nicolas Seriot presented last night a talk on iPhone Privacy in Geneva. He showed how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) and without using private APIs. It turns out that the email accounts, the keyboard cache content and the WiFi connection logs are fully accessible. The talk puts up several recommendations. There is also a demo project on github."

Comments: 92 +-   Cameroon the New Hotbed of Malware on Wednesday December 02, @11:18PM

Posted by samzenpus on Wednesday December 02, @11:18PM
from the none-more-infected dept.
security
garg0yle writes "According to McAfee, more than a third of Cameroon domains (TLD of .cm) are infested with viruses or other not-so-fun party treats. Given that it's very easy to mis-type .com as .cm, this puts the computers of a lot of fat-fingered typists in peril. Second place on the most-infested domains list goes to China (.cn), while Hong Kong (last year's 'winner') is now comfortably middle-of-the-pack."

Comments: 582 +-   Black Screen of Death Not Microsoft's Fault on Wednesday December 02, @11:59AM

Posted by CmdrTaco on Wednesday December 02, @11:59AM
from the well-not-directly-anyway dept.
microsoft
Barence follows up to the ongoing Black Screen of Death Saga by saying "Microsoft says reports of 'Black Screen of Death' errors aren't caused by Windows Updates, as claimed by a British security firm. The software giant claims November's Windows Updates didn't alter registry keys in the way described by Prevx, which said that the Microsoft Patches caused PCs to boot with just a black screen and a Windows Explorer window. Microsoft is now blaming the problem on malware. Prevx has issued a grovelling apology on its own blog."

Comments: 666 +-   Somali Pirates Open Up a "Stock Exchange" on Tuesday December 01, @11:29PM

Posted by kdawson on Tuesday December 01, @11:29PM
from the send-in-the-sba dept.
security
reginaldo writes to clue us that pirates in Somalia have opened up a cooperative in Haradheere, where investors can pay money or guns to help their favorite pirate crew for a share of the piracy profits. "'Four months ago, during the monsoon rains, we decided to set up this stock exchange. We started with 15 "maritime companies" and now we are hosting 72. Ten of them have so far been successful at hijacking,' Mohammed [a wealthy former pirate who took a Reuters reporter to the facility] said. ... Piracy investor Sahra Ibrahim, a 22-year-old divorcee, was lined up with others waiting for her cut of a ransom pay-out after one of the gangs freed a Spanish tuna fishing vessel. 'I am waiting for my share after I contributed a rocket-propelled grenade for the operation,' she said, adding that she got the weapon from her ex-husband in alimony. 'I am really happy and lucky. I have made $75,000 in only 38 days since I joined the "company."'"

Comments: 799 +-   Scientology Charged With Slavery, Human Trafficking on Tuesday December 01, @04:29PM

Posted by kdawson on Tuesday December 01, @04:29PM
from the to-name-but-a-few dept.
censorship
eldavojohn writes "A formal complaint was filed in California (caged PDF) last week by John Lindstein naming David Miscavige and the Church of Scientology International as defendants. Lindstein claims that for sixteen years (from age 8) he was forced to work as a slave at Gold Base, a secret CoS site run by Golden Era Productions with 'razor wire, security guard patrols, surveillance posts, and three roll calls each day.' The pay was $50 a week. The allegations include 'Violations of wage and hour laws as well as unfair/illegal business practices actionable under California B&P 17200 Et. Seq.' and a complaint under the 13th Amendment of the US Constitution, which abolished slavery. Members of the group Anonymous praised the summons."

Comments: 123 +-   SarBox Lawsuit Could Rewrite IT Compliance Rules on Tuesday December 01, @03:45PM

Posted by kdawson on Tuesday December 01, @03:45PM
from the sluice-gate-to-security-spending dept.
security
dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance. "Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law."

Comments: 351 +-   Microsoft Investigates Windows 7 "Black Screen of Death" on Tuesday December 01, @12:38PM

Posted by timothy on Tuesday December 01, @12:38PM
from the appropriate-namespace-overload dept.
bug
duguk writes "Microsoft has confirmed that it is investigating a problem described as the 'black screen of death,' which affects Windows 7 — and reports suggest it affects Vista and XP, too. The firm said it was looking into reports that suggest its latest security update, released on Tuesday 25 November, caused the problem. The error means that users of Windows 7 and earlier operating systems see a totally black screen after logging on to the system." Update: 12/01 22:35 GMT by KD : Microsoft now says that its November Windows updates are not causing the BlackSOD: "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."
