Nerval's Lobster writes "Microsoft will encrypt consumer data and make its software code more transparent, in a bid to boost consumer confidence in its security. Microsoft claims that it will now encrypt data flowing through Outlook.com, Office 365, SkyDrive, and Windows Azure. That will include data moving between customers' devices and Microsoft servers, as well as data moving between Microsoft data-centers. The increased-transparency part of Microsoft's new initiative is perhaps the most interesting, considering the company's longstanding advocacy of proprietary software. But Microsoft actually isn't planning on throwing its code open for anyone to examine, as much as that might quell fears about government-designed backdoors and other nefarious programming. Instead, according to its general counsel Brad Smith, "transparency" means "building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors." In addition, Microsoft plans on opening a network of "transparency centers" where customers can go to "assure themselves of the integrity of Microsoft's products." That's not exactly the equivalent of volunteers going through TrueCrypt to ensure a lack of NSA backdoors, and it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources. But with Google and other tech firms making a lot of noise about encrypting their respective services, Microsoft has little choice but to join them in introducing new privacy initiatives."
chicksdaddy writes "Cyber attacks on 'connected vehicles' are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey's letter, dated December 2, cites recent reports of 'commands...sent through a car's computer system that could cause it to suddenly accelerate, turn or kill the brakes,' and references research conducted by Charlie Miller and Chris Valasek (PDF) on the Toyota Prius and Ford Escape. 'Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) ... Vehicle functionality, safety and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another,' Markey wrote. Among the questions Markey wants answers to: What percentage of cars sold in model years 2013 and 2014 do not have any wireless entry points? What are automakers' methods for testing for vulnerabilities in technologies it deploys — including third party technologies? Markey asks specifically about tire pressure monitors, bluetooth and other wireless technologies and GPS (like Onstar). What third party penetration testing is conducted on vehicles (and any results)? What intrusion detection features exist for critical components like controller area network (CAN) buses on connected vehicles?"
An anonymous reader writes "I work at a manufacturing company. We have roughly 150 employees, 130 desktops, 8 physical servers, 20 virtual servers + a commercial SAN. We're a Windows shop with Exchange 2013. That's the first part. The second part is we have an ERP system that controls every aspect of our business processes. It has over 100 customizations (VB, but transitioning over to C#). We also have 20 or so custom-made support applications that integrate with the ERP to provide a more streamlined interface to the factory workers in some cases, and in other cases to provide a functionality that is not present in the ERP at all. Our IT department consists of: 1 Network Administrator (me), 4 Programmers (one of which is also the IT Manager). I finally convinced our immediate boss that we need another network support person to back me up (but he must now convince the CEO who thinks we have a large IT department already). I would like them to also hire dedicated help desk people. As it stands, we all share help desk duties, but that leads to projects being seriously delayed or put on hold while we work on more mundane problems. It also leads to a good amount of stress, as I can't really create the solid infrastructure I want us to have, and the developers are always getting pressure from other departments for projects they don't have the manpower to even start. I'm not really sure how to convince them we need more people. I need something rather concrete, but there are widely varying ratios of IT/user ratios in different companies, and I'm sure their research turned up with some generic rule of thumb that leads them to believe we have too many already. What can we do?"
First time accepted submitter murpht2 writes "My company prides itself on an office environment that follows a modern design aesthetic: open floor plan, bold colors on the walls, cool lamps in the corners. We're now engaged in a significant upgrade to our IT systems and we have a clash: the IT team leader wants to run network cable in trays hanging from the ceiling so all the client computers have high-speed access to the new servers; the guy in charge of the office design wants to keep things looking clean and the cable trays don't fit the bill. We're in a building made entirely of bricks and concrete, so we lack some of the between-the-wall spaces that are used in other settings. Any suggestions for beautiful cable trays or other alternatives?"
An anonymous reader writes "D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October. The flaw was discovered and its exploitability proved with a PoC by Tactical Network Solutions' security researcher Craig Heffner. D-Link confirmed the existence of the problem a few weeks later."
New submitter palemantle writes with this excerpt from The Hindu, updating our earlier mention of the successful launch of India's Mars-bound probe: "In a remarkably successful execution of a complex manoeuvre, the Indian Space Research Organisation (ISRO) fired the propulsion system on board the spacecraft for a prolonged duration of 23 minutes from 0049 hours on Sunday. In space parlance, the manoeuvre is called Trans-Mars Injection (TMI). ISRO called it 'the mother of all slingshots.' Celebrations broke out at the control centre of the ISRO Telemetry, Tracking and Command Network (ISTRAC) at Bangalore from where the spacecraft specialists gave commands for the orbiter's 440 Newton engine to begin firing. The Mars Orbiter Mission (MOM), also known as Mangalyaan, is designed to demonstrate the technological capability to reach Mars orbit. But the $72m (£45m) probe will also carry out experiments, including a search for methane gas in the planet's atmosphere."
An anonymous reader writes "Over the last couple years, I have taught myself the basic concepts behind Computational Neuroscience, mainly from the book by Abbott and Dayan. I am not currently affiliated with any academic Neuroscience program. I would like to take a DIY approach and work on some real world problems of Computational Neuroscience. My questions: (1) What are some interesting computational neuroscience simulation problems that an individual with a workstation class PC can work on? (2) Is it easy for a non-academic to get the required data? (3) I am familiar with (but not used extensively) simulators like Neuron, Genesis etc. Other than these and Matlab, what other software should I get? (4) Where online or offline, can I network with other DIY Computational Neuroscience enthusiasts? My own interest is in simulation of Epileptogenic neural networks, music cognition networks, and perhaps a bit more ambitiously, to create a simulation on which the various Models of Consciousness can be comparatively tested."
New submitter TheRealHocusLocus writes "The FCC is drafting rules to formalize the process of transition of 'last-mile' subscriber circuits to digital IP-based data streams. The move is lauded by AT&T Chairman Tom Wheeler who claims that significant resources are spent to maintain 'legacy' POTS service, though some 100 million still use it. POTS, or 'Plain Old Telephone Service,' is the analog standard that allows the use of simple unpowered phone devices on the wire, with the phone company supplying ring and talk voltage. I cannot fault progress, in fact I'm part of the problem: I gave up my dial tone a couple years ago because I needed cell and could not afford to keep both. But what concerns me is, are we poised to dismantle systems that are capable of standing alone to keep communities and regions 'in-touch' with each other, in favor of systems that rely on centralized (and distant) points of failure? Despite its analog limitations POTS switches have enforced the use of hard-coded local exchanges and equipment that will faithfully complete local calls even if its network connections are down. But do these IP phones deliver the same promise? For that matter, is any single local cell tower isolated from its parent network of use to anyone at all? I have had a difficult time finding answers to this question, and would love savvy Slashdot folks to weigh in: In a disaster that isolates the community from outside or partitions the country's connectivity — aside from local Plain Old Telephone Service, how many IP and cell phones would continue to function?"
angry tapir writes "With the look of Google Plus and Facebook-like elements, a new social network named "Syme" feels as cozy as a well-worn shoe. But beneath the familiar veneer, it's quite different. Syme encrypts all content, such as status updates, photos and files, so that only people invited to a group can view it. Syme, which hosts the content on its Canada-based servers, says it can't read it. "The overarching goal of Syme is to make encryption accessible and easy to use for people who aren't geeks or aren't hackers or who aren't cryptography experts," co-founder Jonathan Hershon said in an interview about the service." See also Diaspora.
hypnosec writes "A white hat hacker managed to break into multiple email accounts thereby forcing the European Parliament to cut off its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut off indefinitely and users located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."
judgecorp writes "BlackBerry has launched BBM Channels, a rather Twitter-like social network that runs on its BBM messaging system. Meanwhile the company had good news in the developing world: it is the second most popular phone in South Africa. From the article: 'The update is available for BBM users on BlackBerry 10 and some older BlackBerry smartphones, but it is promised that support will be added for iPhone and Android soon, with users of those platforms able to access the web version if they have a confirmed BlackBerry ID email address.'"
jones_supa writes "Jolla, the mobile phone company formed by ex-Nokia employees, has officially launched its first phone. It will be initially available in Finland, paired with the local telecom operator DNA. After that, it will be made available in 135 other countries. The Jolla handset runs the Sailfish OS, which is itself based on the former MeeGo platform developed by Nokia and Intel several years ago to produce Linux-based smartphone software. Sailfish can run Android apps and it also integrates Nokia's Here mapping and positioning technology. Looking at the hardware, the device sports a 1.4GHz dual-core Qualcomm processor, 1GB memory and 16GB of flash storage, plus a 4.5in 960x540 IPS touchscreen with Gorilla 2 Glass. It has the usual mobile network support, including GSM/3G/4G, 802.11b/g/n WiFi and Bluetooth, 8MP autofocus rear camera and 2MP front camera. SIM-free pricing is expected to be €399."
schwit1 writes with a short excerpt from The Cable "The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. American representatives have made it clear that they won't tolerate such checks on their global surveillance network." A leaked memo containing U.S. suggestions for changes to the ICCPR includes gems like (referring to intercepting communications) "Move 'may threaten' from before 'the foundations of a democratic [society]...' to before 'freedom of expression.' We need to clarify that privacy violations could 'interfere with' freedom of expression and avoid the inaccurate suggestion that all privacy violations are violations of freedom of expression." The U.S. changes are pretty much directed at making dragnet surveillance of non-citizens technically legal.
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'" Of course, they are also using Elliptic Curve ciphers.
Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."
Nerval's Lobster writes "Bitcoin hype has reached orbit: you can now use the virtual currency to fly on Virgin Galactic, which will begin taking passengers on sub-orbital flights in 2014. 'One future astronaut, a female flight attendant from Hawaii, has already purchased her Virgin Galactic ticket using bitcoins,' Virgin CEO Richard Branson wrote in a blog posting on Virgin's Website, 'and we expect many more to follow in her footsteps. All of our future astronauts are pioneers in their own right, and this is one more way to be forward-thinking.' Branson is an investor in Bitcoin, which has seen its per-unit value skyrocket from $10 to $900 over the past two years (today, its value stands at $766, but that could rapidly change). 'The lack of transparency from Bitcoin's founders has attracted some criticism, but its open source nature means anyone can audit the code,' he added in his posting. 'It is a brilliantly conceived idea to allow users to power the peer-to-peer payment network themselves, providing control and freedom for consumers.' A flight aboard Virgin Galactic costs $250,000, or roughly 320 Bitcoin at today's price. However, Bitcoin is also a volatile currency, diving and spiking in response to a variety of factors—while it's certainly possible that its value could zoom above $1,000 in the near future, there's always the possibility it could crash down to a few hundred dollars, or even lower."
rjupstate sends an article comparing how an IT infrastructure would be built today compared to one built a decade ago. "Easily the biggest (and most expensive) task was connecting all the facilities together. Most of the residential facilities had just a couple of PCs in the staff office and one PC for clients to use. Larger programs that shared office space also shared network resources and server space. There was, however, no connectivity between each site -- something my team resolved with a mix of solutions including site-to-site VPN. This made centralizing all other resources possible and it was the foundation for every other project that we took on. While you could argue this is still a core need today, there's also a compelling argument that it isn't. The residential facilities had very modest computing needs -- entering case notes, maintaining log books, documenting medication adherence, and reviewing or updating treatment plans. It's easy to contemplate these tasks being accomplished completely from a smartphone or tablet rather than a desktop PC." How has your approach (or your IT department's approach) changed in the past ten years?
alphadogg writes "A network researcher at the U.S. Department of Energy's Fermi National Accelerator Laboratory has found a potential new use for graphics processing units — capturing data about network traffic in real time. GPU-based network monitors could be uniquely qualified to keep pace with all the traffic flowing through networks running at 10Gbps or more, said Fermilab's Wenji Wu. Wenji presented his work as part of a poster series of new research at the SC 2013 supercomputing conference this week in Denver."
theodp writes "Google takes Scroogling to new heights with its just-patented Automated Generation of Suggestions for Personalized Reactions in a Social Network, which not only data mines "e-mail systems, SMS/MMS systems, micro blogging systems, social networks or other systems" to get the buzz on your social circle, but also uses the data it collects to make like ELIZA and formulate appropriate responses for you to send as if they were your own (e.g., 'Happy Birthday, Mom!'). Wouldn't Turing be so proud! From the patent: 'In a third example, a friend, David, sends Alice public or private message of a particular but regularly encountered message type (e.g., "how are you doing?" a common way to greet someone in the United States). The suggestion generation module suggest a good set of reactions to David, for example, based on the professional profile of David from the social network indicating that David has changed employers. The suggestion generation module generates a reply message such as "Hey David, I am fine, You were in ABC corp. for 3 years and you recently moved to XYZ corp., how do you feel about the difference, enjoying your new workplace?" The content of this suggestion are based on 1) prior conversations between Alice and David, 2) previous messages sent by Alice to other friends and 3) messages (sent by other connections in Alice's friend circle to David) which are either publicly or privately accessible to Alice, or some combination of these. Thus, the suggestion generation module generates messages that are personalized based upon both the sender and recipient using information that is accessible (public or private) to the sender.' Looks like Facebook may not be the only one strip-mining human society!"