An anonymous reader writes "The LA Times mentions that after visiting well known sites such as ADP, Verizon Wireless, Scottrade, Geico, Equifax, PayPal and Allstate, sensitive data remains in the browser disk cache despite those sites using SSL. This included full credit reports, prescription history, payroll statements, partial SSNs, credit card statements, and canceled checks. Web servers are supposed to send a Cache-Control: no-store header to prevent this, but many of the sites are sending non-standard headers recognized only by Internet Explorer, and others are sending no cache headers at all. While browsers were once cautious about writing content received over SSL to the disk cache, today, most do so by default unless the server specifies otherwise."
An anonymous reader writes "At a hearing today before the Senate Judiciary Committee, FBI director Robert Mueller confirmed the agency is using unmanned drones for surveillance within the U.S. Senator Chuck Grassley asked, 'Does the FBI own or currently use drones and for what purpose?' Mueller replied, 'Yes, for surveillance.' Grassley then asked, 'Does the FBI use drones for surveillance on U.S. soil?' Mueller said, 'Yes, in a very, very minimal way, and seldom.' With regard to restricting the use of drones to protect citizens' privacy, Mueller said, 'It is still in nascent stages but it is worthy of debate and legislation down the road.' According to the article, 'Dianne Feinstein, who is also chair of the Senate intelligence committee, said the issue of drones worried her far more than telephone and internet surveillance, which she believes are subject to sufficient legal oversight.'"
Rick Zeman writes "'Confidentiality is critical to national security.' So wrote the Justice Department in concealing the NSA's role in two wiretap cases. However, now that the NSA is under the gun, it's apparently not so critical, according to New York attorney Joshua Dratel: 'National security is about keeping illegal conduct concealed from the American public until you're forced to justify it because someone ratted you out.' The first he heard of the NSA's role in his client's case was 'when [FBI deputy director Sean] Joyce disclosed it on CSPAN to argue for the effectiveness of the NSA's spying.' Dratel challenged the legality of the spying in 2011, and asked a federal judge to order the government to produce the wiretap application the FBI gave the secretive Foreign Intelligence Surveillance Court to justify the surveillance. 'Disclosure of the FISA applications to defense counsel – who possess the requisite security clearance – is also necessary to an accurate determination of the legality of the FISA surveillance, as otherwise the defense will be completely in the dark with respect to the basis for the FISA surveillance,' wrote Dratel. According to Wired, 'The government fought the request in a 60-page reply brief (PDF), much of it redacted as classified in the public docket. The Justice Department argued that the defendants had no right to see any of the filings from the secret court, and instead the judge could review the filings alone in chambers.'"
colinneagle writes "A recent GigaOm report discusses Verizon's 'peering' practices, which involves the exchange of traffic between two bandwidth providers. When peering with bandwidth provider Cogent starts to reach capacity, Verizon reportedly isn't adding any ports to meet the demand, Cogent CEO Dave Schaffer told GigaOm. 'They are allowing the peer connections to degrade,' Schaffer said. 'Today some of the ports are at 100 percent capacity.' Why would Verizon intentionally disrupt Netflix video streaming for its customers? One possible reason is that Verizon owns a 50% stake in Redbox, the video rental service that contributed to the demise of Blockbuster (and more recently, a direct competitor to Netflix in online streaming). If anything threatens the future of Redbox, whose business model requires customers to visit its vending machines to rent and return DVDs, it's Netflix's instant streaming service, which delivers the same content directly to their screens."
adeelarshad82 writes "For the fourth year running, PCMag sent drivers out on U.S. roads to test the nation's Fastest Mobile Networks. Using eight identical Samsung phones, the drivers tested out eight separate networks for four major carriers across 30 cities evenly spread across six regions. Using Sensorly's 2013 software, a broad suite of tests were conducted every three minutes: a 'ping' to test network latency, multi-threaded HTTP upload and download tests including separate 'time to first byte' measures, a 4MB single-threaded file download, a 2MB single-threaded file upload, the download of a 1MB Web page with 70 elements, and 100kbps and 500kbps UDP streams designed to simulate streaming media. Nearly 90,000 data cycles later, the data not only revealed the fastest networks (AT&T) and the most consistent (Verizon), but also other interesting points. The tests recorded the fastest download speed (66.11 Mbits/sec) in New Orleans and the best average in Austin (27.25 Mbits/sec), both for AT&T's LTE network. The tests also found T-Mobile's HSPA network to have the worst Average-Time-To-First-Byte, even when compared with AT&T HSPA network. Also according to the tests, Sprint's LTE network didn't even come close to competing with other LTE networks, to the point that in some cities its LTE network speed averaged less than T-Mobile's HSPA network speed."
Lucas123 writes "Intel this year plans to sell a set-top box and Internet-based streaming media service that will bundle TV channels for subscribers, but cable, satellite and ISPs are likely to use every tool at their disposal to stop another IP-based competitor, according to experts. They may already be pressuring content providers to charge Intel more or not sell to it. Another scenario could be that cable and ISP providers simply favor their own streaming services with pricing models, or limit bandwidth based on where customers get their streamed content. For example, Comcast could charge more for a third-party streaming service than for its own, or it could throttle bandwidth or place caps on it to limit how much content a customer receives from streaming media services as it did with BitTorrent. Meanwhile, Verizon is challenging in a D.C. circuit court the FCC's Open Internet rules that are supposed to ensure there's a level playing field."
Nerval's Lobster writes "In an open letter addressed to U.S. attorney general Eric Holder and FBI director Robert Mueller, Google chief legal officer David Drummond again insisted that reports of his company freely offering user data to the NSA and other agencies were untrue. 'However,' he wrote, 'government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.' In light of that, Drummond had a request of the two men: 'We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope.' Apparently Google's numbers would show 'that our compliance with these requests falls far short of the claims being made.' Google, Drummond added, 'has nothing to hide.'" Another open letter was sent to Congress from a variety of internet companies and civil liberties groups (headlined by Mozilla, the EFF, the ACLU, and the FSF), asking them to enact legislation to prohibit the kind of surveillance apparently going on at the NSA and to hold accountable the people who implemented it. (A bipartisan group of senators has just come forth with legislation that would end such surveillance.) In addition to the letter, the ACLU sent a lawsuit as well, directed at President Obama, Eric Holder, the NSA, Verizon and the Dept. of Justice (filing, PDF). They've also asked (PDF) for a release of court records relevant to the scandal. Mozilla has also launched Stopwatching.us, a campaign to "demand a full accounting of the extent to which our online data, communications and interactions are being monitored." Other reactions: Tim Berners-Lee is against it, Australia's Foreign Minister doesn't mind it, the European Parliament has denounced it, and John Oliver is hilarious about it (video). 
Meanwhile, Edward Snowden, the whistleblower who leaked the information about the NSA's surveillance program, is being praised widely as a hero and a patriot. There's already a petition on Whitehouse.gov to pardon him for his involvement, and it's already reached half the required number of signatures for a response from the Obama administration.
An anonymous reader writes "While the tech media has gone wild the past few days with the reports of the NSA tracking Verizon cell usage and creating the PRISM system to peer into our online lives, a new study by Pew Research suggests that most U.S. citizens think it's okay. 62 percent of Americans say losing some personal privacy is acceptable as long as it's used to fight terrorism, and 56 percent are okay with the NSA tracking phone calls. Online tracking is far less popular however, with only 45 percent approving of the practice. The data also shows that the youth are far more opposed to curtailing privacy to fight terror, which could mean trouble for politicians planning to continue these programs in the coming years."
An anonymous reader writes "The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell. The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. 'I have no intention of hiding who I am because I know I have done nothing wrong,' he said."
An anonymous reader writes "Privacy and surveillance have taken centre stage this week with the revelations that U.S. agencies have been engaged in massive, secret surveillance programs that include years of capturing the meta-data from every cellphone call on the Verizon network (the meta-data includes the number called and the length of the call) as well as gathering information from the largest Internet companies in the world including Google, Facebook, Microsoft, and Apple in a program called PRISM. Michael Geist explains how many of the same powers exist under Canadian law and that it is very likely that Canadians have been caught up by these surveillance activities."
Rick Zeman writes "Hot on the heels of Verizon's massive data dump to NSA comes news of 'PRISM' where The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person's movements and contacts over time. This program, established in 2007, includes major companies such as Apple, Microsoft, Yahoo, Google, Facebook...and more."
Trailrunner7 writes "For many observers of the privacy and surveillance landscape, the revelation by The Guardian that the FBI received a warrant from the secretive Foreign Intelligence Surveillance Court to require Verizon to turn over to the National Security Agency piles of call metadata on all calls on its network probably felt like someone telling them that water is wet. There have been any number of signals in the last few years that this kind of surveillance and data collection was going on, little indications that the United States government was not just spying on its own citizens, but doing so on a scale that would dwarf anything that all but the most paranoid would imagine." And now the Obama administration has defended the practice as a "critical tool."
Rick Zeman writes "According to Wired, an order by the Foreign Intelligence Surveillance Court '...requires Verizon to give the NSA metadata on all calls within the U.S. and between the U.S. and foreign countries on an "ongoing, daily basis" for three months.' Unlike orders in years past, there's not even the pretense that one of the parties needed to be in a foreign country. It is unknown (but likely) that other carriers are under the same order."
Trailrunner7 writes "Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both devicemakers ship the Galaxy S4 smartphones with a locked-down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone. Azimuth Security researcher Dan Rosenberg has found a vulnerability in the manner in which the devices do cryptographic checks of boot image signatures and was able to exploit the flaw and upload his own unsigned kernel to the device."
An anonymous reader writes "A California user of Verizon's FiOS fiber-optic internet service put his unlimited data plan to the test. Over the month of March, he totaled over 77 terabytes of internet traffic, which finally prompted a call from a Verizon employee to see what he was doing. The user had switched to a 300Mbps/65Mbps plan in January, and averaged 50 terabytes of traffic per month afterward. 'An IT professional who manages a test lab for an Internet storage company, [the user] has been providing friends and family a personal VPN, video streaming, and peer-to-peer file service—running a rack of seven servers with 209TB of raw storage in his house.' The Verizon employee who contacted him said he was violating the service agreement. 'Basically he said that my bandwidth usage was excessive (like 30,000 percent higher than their average customer),' [the user] said. '[He] wanted to know WTF I was doing. I told him I have a full rack and run servers, and then he said, "Well, that's against our ToS." And he said I would need to switch to the business service or I would be disconnected in July. It wasn't a super long call.'"
In the U.S., subsidized phones are the norm: for post-paid, long-term contract use, getting a low up-front price on a phone is one of the few upsides. New submitter Apptopia writes "After T-Mobile mostly did away with subsidized phone plans, the other major carriers (Verizon, AT&T, Sprint) are paying attention. Carriers lose money with phone subsidies for high-end smartphones (particularly Apple's iPhone). If they do away with the subsidy, you will have to pay full retail price for phones, but your monthly bill will be lower." If people had a better idea what they were paying for, though, manufacturers might fight harder on price. There are lots of well-reviewed, multi-band, unlocked phones on Amazon and DealExtreme from lesser-known companies, and Nokia's new Asha 501 (though limited in many ways, including availability, having just launched in India) shows that the "smartphone" label can apply even to a sub-$100 phone.
An anonymous reader writes with a bit from the Asbury Park Press: "'Devastated and wiped out by superstorm Sandy, Verizon has no plans to rebuild its copper-line telephone network in Mantoloking. Instead, Verizon says Mantoloking is the first town in New Jersey, and one of the few areas in the country, to have a new service called Verizon Voice Link. Essentially, it connects your home's wired and cordless telephones to the Verizon Wireless network.' So no copper or fiber to a fairly densely populated area. Comcast will now be the only voice/data option with copper to the area."
tdog17 writes "Verizon and MySpace scored a zero out of a possible six stars in a test of how far 18 technology service providers will go to protect user data from government data demands. Twitter and Internet service provider Sonic.net scored a perfect six in the third annual Electronic Frontier Foundation 'Who Has Your Back?' report. Apple, AT&T and Yahoo ranked near the bottom, each scoring just one star. 'While we are pleased by the strides these companies have made over the past couple years, there’s plenty of room for improvement. Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide. Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn't earned recognition in any of our other categories. Apple and AT&T are members of the Digital Due Process coalition, but don’t observe any of the other best practices we’re measuring. ... We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories.'"
itwbennett writes "According to a study (PDF) by the Georgetown Center for Business and Public Policy, restricting the ability of Verizon Wireless and AT&T to bid in upcoming spectrum auctions would drive down the bidding during the auction, and could cost the U.S. treasury as much as $12 billion. Even a partial restriction of bids by Verizon and AT&T could have a significant impact on auction revenues, said Douglas Holtz-Eakin, a co-author of the Georgetown study. Matt Wood, policy director at digital rights group Free Press, fired back, saying 'No one is talking about completely barring AT&T and Verizon from the incentive auction. Sensible people are talking about making sure that more than two companies have a chance at obtaining spectrum. The fact that these duopolists hired economists to parrot the companies' own talking points isn't really that newsworthy.'"
colinneagle writes "Verizon's 2013 Data Breach Investigation Report is out and includes data gathered by its own forensics team and data breach info from 19 partner organizations worldwide. China was involved in 96% of all espionage data-breach incidents, most often targeting manufacturing, professional and transportation industries, the report claims. The assets China targeted within those industries included laptop/desktop, file server, mail server and directory server, in order to steal credentials, internal organization data, trade secrets and system info. A whopping 95% of the attacks started with phishing to get a toehold into their victim's systems. The report states, 'Phishing techniques have become much more sophisticated, often targeting specific individuals (spear phishing) and using tactics that are harder for IT to control. For example, now that people are suspicious of email, phishers are using phone calls and social networking.' It is unknown who the nation-state actors were in the other 4% of breaches, which the report says 'may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today.'" The report also notes that financially-motivated incidents primarily came from the U.S. and various Eastern European countries.