Cellphones

Ask Slashdot: Are There Secure Alternatives To Skype? (theguardian.com) 236

How can you make a truly secure phone call? An anonymous Slashdot reader writes: I have a Windows 8.1 phone and mostly use it for Skype calls and chats. A bit of browsing every now and then, and checking public transportation schedules... What can I do to be able to securely chat and place audio/video calls? What do you think is the best device to buy and what apps to use on it?
Skype for Windows Phone will stop working in 2017, and Skype's privacy was already suspect after Edward Snowden leaked evidence of Microsoft's secret collaboration with the NSA. But are there any good alternatives -- especially for a Windows Phone user? Leave your suggestions in the comments. What are the best secure alternatives to Skype?
Government

Can We Avoid Government Surveillance By Leaving The Grid? (counterpunch.org) 264

Slashdot reader Nicola Hahn writes: While reporters clamor about the hacking of the Democratic National Committee, NSA whistleblower James Bamford offers an important reminder: American intelligence has been actively breaching email servers in foreign countries like Mexico and Germany for years. According to Bamford, documents leaked by former NSA specialist Ed Snowden show that the agency is intent on "tracking virtually everyone connected to the Internet." This includes American citizens. So it might not be surprising that another NSA whistleblower, William Binney, has suggested that certain elements within the American intelligence community may actually be responsible for the DNC hack.

This raises an interesting question: facing down an intelligence service that is in a class by itself, what can the average person do? One researcher responds to this question using an approach that borrows a [strategy] from the movie THX 1138: "The T-H-X account is six percent over budget. The case is to be terminated."

To avoid surveillance, the article suggests "get off the grid entirely... Find alternate channels of communication, places where the coveted home-field advantage doesn't exist... this is about making surveillance expensive." The article also suggests "old school" technologies, for example a quick wireless ad-hoc network in a crowded food court. Any thoughts?
Security

New Cache Attack Can Monitor Keystrokes On Android Phones (onthewire.io) 36

Trailrunner7 quotes a report from OnTheWire: Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor's TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. The techniques are similar to some used against Intel x86 processor-based systems, but the team from Graz University of Technology in Austria shows that they can be used on ARM-based systems, such as Android phones, as well.

"Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen," the researchers wrote in their paper, which was presented at the USENIX Security Symposium this week.

It's a proof-of-concept attack. But interestingly, another recently-discovered Android vulnerability also required the user to install a malicious app -- and then allowed attackers to take full control of the device.
Google

Google Working On New 'Fuchsia' OS (digitaltrends.com) 145

An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pink + Purple == Fuchsia (a new Operating System)." Hacker News reports that Travis Geiselbrecht, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android, will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in embedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.
Democrats

Hacker Publishes Cell Phone Numbers of House Democrats (thehill.com) 82

Another day, another leak. A suspected Russian hacker known as "Guccifer 2.0" has published the phone numbers of House Democrats on his website Friday. The Hill reports: "The document was obtained from the cyberattack on the Democratic Congressional Campaign Committee (DCCC). The hacker also published DCCC shared passwords to several online databases and news networks. The dump also included the memos on the House race for Florida's 18th district, including opposition research on the Republican contenders, which is being vacated by Democrat Patrick Murphy as he vies for the Senate. The hacker also claimed to have breached House Minority Leader Nancy Pelosi's computer and published a memo sent to her about a 2015 fundraiser for Morgan Carroll, who is running for a Colorado House seat against Republican Mike Coffman."
Canada

Local Canadian Police Station Admits To Owning Stingray Surveillance Device (vice.com) 43

The Edmonton Police Service has admitted to Motherboard that it owns a Stingray and that it used the [surveillance] device in the past during investigations. After Vancouver cops admitted to using the phone tracker to investigate an abduction in 2007, Motherboard called up other local police stations in Canada to ask if they had also previously used one. As you can imagine, the other stations kept mum. In the US, Stingrays are a regular part of government and law enforcement agencies' surveillance arsenal. But Vancouver's and Edmonton's police services are the first law enforcement offices in Canada to confirm that they've used the device. Motherboard adds: According to an emailed statement from police spokesperson Anna Batchelor, Edmonton's cops have "used the device in the past during investigations," but would not release any additional details in order "to protect [Edmonton Police Service] operations." Until now, the only law enforcement in the country known to use the devices was the Royal Canadian Mounted Police, the country's analogue to the US Federal Bureau of Investigation. These suitcase-sized surveillance tools have been used in the past by the Vancouver and Toronto police, but the Vancouver police have said they borrowed the Stingray from the RCMP, and in Toronto an RCMP technician was on hand, at least in that incident. The Edmonton police's comment to Motherboard is the first time a local police department in Canada has publicly admitted to owning a Stingray device.
DRM

Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry (fastcompany.com) 393

Rumors of Apple's next iPhone missing a headphone jack have been swirling around for more than a year now. But a report from WSJ a few weeks ago, and another report from Bloomberg this week further cemented such a possibility. We've talked about it here -- several times -- but now Cory Doctorow is shedding light on what this imminent change holds for the music industry. Reader harrymcc writes: Fast Company's Mark Sullivan talked about the switch with author and EFF adviser Cory Doctorow, who thinks it could lead to music companies leveraging DRM to exert more control over what consumers can do with their music. From the article: "If Apple creates a circumstance where the only way to get audio off its products is through an interface that is DRM-capable, they'd be heartbreakingly naive in assuming that this wouldn't give rise to demands for DRM," said Doctorow. If a consumer or some third-party tech company used the music in a way the rights holders didn't like, the rights holders could invoke the anti-circumvention law written in Section 1201 of the Digital Millennium Copyright Act (DMCA). Steve Jobs famously convinced the record industry to remove the DRM from music on iTunes; is there really any reason to believe the industry might suddenly become interested in DRM again if the iPhone audio goes all digital? "Yes -- for streaming audio services," Doctorow says. "I think it is inevitable that rights holder groups will try to prevent recording, retransmission, etc." Today it's easy to record streamed music from the analog headphone jack on the phone, and even to convert the stream back to digital and transmit it in real time to someone else. With a digital stream it might not be nearly so easy, or risk-free." Doctorow shares more on BoingBoing.
Republicans

Cracking The Code On Trump Tweets (time.com) 330

jIyajbe writes: From Electoral-Vote.com: "A theory has been circulating that the Donald Trump tweets that come from an Android device are from the candidate himself, while the ones that come from an iPhone are the work of his staff. David Robinson, a data scientist who works for Stack Overflow, decided to test the theory. His conclusion: It's absolutely correct. Robinson used some very sophisticated algorithms to analyze roughly 1,400 tweets from Trump's timeline, and demonstrated conclusively that the iPhone tweets are substantively different than the Android tweets. The former tend to come later at night, and are vastly more likely to incorporate hashtags, images, and links. The latter tend to come in the morning, and are much more likely to be copied and pasted from other people's tweets. In terms of word choice, the iPhone tweets tend to be more neutral, with their three most-used phrases being 'join,' '#trump2016,' and '#makeamericagreatagain.' The Android tweets tend to be more emotionally charged, with their three most-used phrases being 'badly,' 'crazy,' and 'weak.'" reifman adds: In an excellent forensic text analysis of Trump's tweets with the Twitter API, data geek David Robinson demonstrates Trump authors his angriest, picture-less, hashtag-less Android tweets often in the morning, while staff tweet from an iPhone with pictures, hashtags and greater joy mostly in the middle of the day. Robinson's report was inspired by a tweet by artist Todd Vaziri. As for why Robinson decided to look into Trump's tweets, he told TIME, "For me it's more about finding a really interesting story, a case where people suspect something, but don't have the data to back it up. For me it was much more about putting some quantitative details to this story that has been going around than it was about proving something about Trump's campaign."
Security

A New Wireless Hack Can Unlock Almost Every Volkswagen Sold Since 1995 (arstechnica.com) 115

Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.
Security

Samsung Pay Hack Lets Attackers Make Fraudulent Payments (theverge.com) 16

jmcbain writes: The Verge reports that a security researcher at DefCon outlined a number of attacks targeting Samsung Pay, Samsung's digital payment system that runs on their smartphones. According to the article, the attack "[focuses] on intercepting or fabricating payment tokens -- codes generated by the user's smartphone that stand in for their credit card information. These tokens are sent from the mobile device to the payment terminal during wireless purchases. [They expire 24 hours after being generated and are single-use only.]" In a response, Samsung said that "in certain scenarios an attacker could skim a user's payment token and make a fraudulent purchase with their card," but that "the attacker must be physically close to the target while they are making a legitimate purchase."
Android

Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) 151

Jon Fingas, writing for Engadget: Don't look now, but your web browser is about to become aware of the devices around you. After months of testing, Google has switched on broader experimental support in Chrome and Chrome OS for Web Bluetooth, which lets websites interact with your nearby Bluetooth gear. You could use a web interface to control your smart home devices, for instance, or send data directly from your heart rate monitor to a fitness coach. At the moment, trying Web Bluetooth requires the stars to align in just the right way. You'll need a pre-release version of Chrome 53, and you'll naturally want to find (or create) a website that uses the tech in the first place.
Businesses

Report: Apple Watch 2 Coming Late 2016 With GPS, Faster Processor and Better Waterproofing (9to5mac.com) 159

An anonymous reader writes: Apple analyst KGI's Ming-Chi Kuo says the Apple Watch 2 is right around the corner. The analyst says the Watch will arrive in late 2016 and will likely be announced alongside the iPhone 7 in September. It will reportedly feature a GPS, barometer, better waterproofing, as well as a new internal SoC for faster performance. Those looking for a fresh new design may be disappointed as KGI does not expect the physical design of the watch to change at all. The Apple Watch 2 will essentially be an 'iPhone S' update, where it keeps the same physical design with improved internal specifications. In addition to the updated Apple Watch 2, Apple is expected to update the original Apple Watch with a new SoC to improve CPU and GPU performance. The price of the Apple Watch in general should be cut even further than it already has been. The original Apple Watch could receive more than a $50 reduction in its pricing, possibly pushing it below the $200 mark. We should know more in early September when Apple unveils the iPhone 7.
Government

Iran Bans Pokemon Go Over 'Security Concerns' (usatoday.com) 71

An anonymous reader writes: Iran has become the first country to ban Pokemon Go, the mobile game where users (aka Pokemon trainers) roam the physical world in search of digital creatures known as Pokemon. The country cites security concerns for the reason behind the ban. "Any game that wants to operate nationwide in Iran needs to obtain permission from the ministry of culture and Islamic guidance, and the Pokemon Go app has not yet requested such a permission," Abolhasan Firouzabadi, the head of Iran's supreme council of virtual space, told the Isna news agency. The Guardian reports that Iranian officials feel that the game can create problems for the country and its people. Iranian authorities use smart filtering software, a system that affects connectivity speeds and in many cases has replaced more traditional mechanisms for blocking internet services, the Guardian reported.
Android

900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com) 129

An anonymous Slashdot reader quotes a report from CNET: Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phones and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
The flaw even affects several of Google's own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the "most secure Android smartphone." CNET adds that "A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed."
Networking

Myths Persist About Running Public Wi-Fi in the UK (arstechnica.co.uk) 20

If you're running a Wi-Fi hotspot in the U.K., Ars Technica found most of the available legal advice online was either "ill-informed" or "invented", and "the same wrong advice repeated by multiple sources -- including vendors offering to help clients ensure compliance with the 'rules.'" An anonymous Slashdot reader writes: If you run a public Wi-Fi service, can you be held responsible if someone uses it to infringe copyright, defame someone or commit a crime? Ars Technica examines the situation under English law on intermediary liability, as well as looking at data protection law and obligations (or not) to store traffic data for law enforcement.

According to Ars, much publicised "guidance" for would-be Wi-Fi operators indicates that an operator would be liable, but the legal experts who spoke to Ars are far less convinced.

Government

Is The US Social Security Site Still Vulnerable To Identity Theft? (krebsonsecurity.com) 46

Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.

More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.

In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.
United Kingdom

BBC To Deploy Detection Vans To Snoop On Internet Users (telegraph.co.uk) 212

product_bucket writes: The BBC has been given permission to use a new technology to detect users of the iPlayer who do not hold a TV license. Researchers at University College London have apparently developed a method to identify specially crafted "packets" of data over an encrypted Wi-Fi link without needing to break the underlying encryption itself. TV Licensing (the fee-collecting arm of the BBC) has said the practice is under regular scrutiny by independent regulators, but declined to elaborate on how the technique works. Dr Miguel Rio, a computer network expert who helped to oversee the doctoral thesis, said: "They actually don't need to decrypt traffic, because they can already see the packets. They have control over the iPlayer, so they can ensure that it sends packets at a specific size, and match them up. They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property." The BBC has been given such authority through the Regulation of Investigatory Powers Act.
Piracy

Popular BitTorrent Search Engine Site Torrentz.eu Mysteriously Disappears (softpedia.com) 118

monkeyzoo writes: Softpedia reports that Torrentz.eu, the internet's biggest BitTorrent meta-search engine, has mysteriously and suddenly shut down. Visitors of the website see a simple message that reads, "Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines." Trying to run a search, or clicking any link on the site changes that message to "Torrentz will always love you. Farewell." The main .EU domain, as well as all backup domains (.ME, .CH, and .IN), have the same message. The reason for the disappearance is mysterious, but there is speculation that Torrentz.eu admins decided to pull the plug on their own and avoid any future legal problems in the wake of increasing legal pressure on The Pirate Bay and the arrests related to KickassTorrents. It also cannot be ruled out that the site was hacked.
Social Networks

Olympic Committee Prohibits Streaming Apps, Vines and GIFs From Its Events (techcrunch.com) 188

An anonymous reader writes: The Olympics Committee has introduced a new set of social media guidelines for the 2016 games. Not only will streaming applications and vines be prohibited, but GIFs will be too. TechCrunch reports: "Part of the new restriction appears in the official broadcast rules (PDF), under 'Internet and Mobile Platforms': '[...] the use of Olympic Material transformed into graphic animated formats such as animated GIFs (i.e. GIFV), GFY, WebM, or short video formats such as Vines and others, is expressly prohibited.' Then, in the FAQ for the social and digital media guidelines (PDF): 'Broadcasting images via live-streaming applications (e.g. Periscope, Meerkat) is prohibited inside Olympic venues.' The versions of these documents updated for the 2014 games in Sochi don't have any comparable language, or at least nothing this specific. A possible exception is the 'Photographer's Undertaking,' which states: 'The dissemination of moving images or sound captured in an Olympic venue, through any media, including display on the internet, Mobile Platform and other interactive media or electronic medium, is strictly prohibited.'"
Government

Pennsylvania To Apply 6% 'Netflix Tax' (allflicks.net) 271

An anonymous reader writes: Governor Tom Wolf of Pennsylvania has signed into law a new revenue package that will require residents to pay a 6% sales tax on their streaming subscriptions. AllFlicks reports: "Though the term 'Netflix tax' has become popular, laws like this don't just affect Netflix -- they also affect competitors like Hulu and HBO Now. App purchases and ebooks are also affected. They recently decided on a hefty $31.5 billion budget, and they came up $1.3 billion short of paying for it. The government is trying to close that funding gap, and streaming subscribers are being stuck with the bill." Magazine and newspaper subscriptions, as well as digital versions of the Bible, will be exempt from the digital downloads tax, reports CBS Local News in Pittsburgh.
