zrbyte writes "One-time pads are the holy grail of cryptography — they are impossible to crack, even in principle. However, the ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers at the California Institute of Technology in Pasadena have found a way round this to create a system of cryptography that is invulnerable to electronic attack. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure, namely shining a light through a diffusive glass plate."
An anonymous reader writes "Within a few months of launching, Snapchat has made an enormous and lasting impact on the culture of communication on the Internet – and we should all be grateful. They have simplified a security process enough to the point that anybody can use it, while validating the market of the next generation of privacy-preserving ephemeral communication. Most importantly, we may finally get a break from the forced permanence of the Facebook and Google world, where everything you do and share is a data point to be monetized and re-sold to the highest bidder."
antdude writes "Pew Internet reports that: 'Teens are sharing more info about themselves on social media sites than they have in the past, but they are also taking a variety of technical and non-technical steps to manage the privacy of that information. Despite taking these privacy-protective actions, teen social media users do not express a high level of concern about third-parties (such as businesses or advertisers) accessing their data.'"
An anonymous reader writes "Edwin Vargas, a detective with the New York City Police Department, was arrested on Tuesday for computer hacking crimes. According to the complaint unsealed in Manhattan federal court, between March 2011 and October 2012, Vargas, an NYPD detective assigned to a precinct in the Bronx, hired an e-mail hacking service to obtain log-in credentials, such as the password and username, for certain e-mail accounts. In total, he purchased access to at least 43 personal e-mail accounts belonging to 30 different individuals, including at least 19 who are affiliated with the NYPD."
First time accepted submitter fezzzz writes "Anonymous performed a data dump of hundreds of whistle blowers' private details in an attempt to show their unhappiness with the SAPS (South African Police Service) for the Marikana shooting. In so doing, the identities of nearly 16,000 South Africans who lodged a complaint with police on their website, provided tip-offs, or reported crimes are now publicly available." Reader krunster also submitted a slightly more in-depth article on the breach.
benrothke writes "Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA) and 2 of its 3 authors not been attorneys, one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers." Read below for the rest of Ben's review.
cold fjord writes "A healthcare provider has sued the Internal Revenue Service and 15 of its agents, charging they wrongfully seized 60 million medical records from 10 million Americans ... [The unnamed company alleges] the agency violated the Fourth Amendment in 2011, when agents executed a search warrant for financial data on one employee – and that led to the seizure of information on 10 million, including state judges. The search warrant did not specify that the IRS could take medical information, UPI said. And information technology officials warned the IRS about the potential to violate medical privacy laws before agents executed the warrant, the complaint said." Also at Nextgov.com.
An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
theodp writes "The last thing Wired's Mat Honan remembered before awaking on the self-driving boat that dropped him on the island was sitting through a four-hour Google I/O keynote in Moscone Center and hearing Google CEO Larry Page promote a vision of a utopia where society could be free to innovate and experiment, unencumbered by government regulations or social norms. 'Welcome to Google Island,' a naked-save-for-a-pair-of-eyeglasses Larry Page tells Honan. 'As soon as you hit Google's territorial waters, you came under our jurisdiction, our terms of service. Our laws — or lack thereof — apply here. By boarding our self-driving boat you granted us the right to all feedback you provide during your journey. This includes the chemical composition of your sweat. Remember when I said at I/O that maybe we should set aside some small part of the world where people could experiment freely and examine the effects? I wasn't speaking theoretically. This place exists. We built it.'"
An anonymous reader writes "In a decision that's almost certainly going to result in this issue heading up to the Supreme Court, the Federal 1st Circuit Court of Appeals [Friday] ruled that police can't search your phone when they arrest you without a warrant. That's contrary to most courts' previous findings in these kinds of cases where judges have allowed warrantless searches through cell phones." (But in line with the recently mentioned decision in Florida, and seemingly with common sense.)
Techmeology writes "In response to declining utility of CALEA mandated wiretapping backdoors due to more widespread use of cryptography, the FBI is considering a revamped version that would mandate wiretapping facilities in end users' computers and software. Critics have argued that this would be bad for security (PDF), as such systems must be more complex and thus harder to secure. CALEA has also enabled criminals to wiretap conversations by hacking the infrastructure used by the authorities. I wonder how this could ever be implemented in FOSS."
Today eight members of the U.S. Congress have sent a letter to Google's Larry Page, asking him to address a number of privacy concerns about Google Glass. In the letter (PDF), they brought up the company's notorious Street View data collection incident, and asked how the company was planning to avoid a similar privacy breach with Glass. They also ask how Google is going to build Glass to protect the privacy of non-users who may not want their every public move to be recorded. Further, they ask about the security of recordings once they are made: "Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not?" Google has until July 14th to respond.
hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of sites, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."
jfruh writes "Larry Page revealed that he'd been suffering from a vocal cord ailment that impaired his ability to speak for more than a year. The positive feedback he got from opening up about it inspired him to tell attendees at Google I/O that we should all be less uptight about keeping our medical records private. As far as Page is concerned, pretty much the only legitimate reason for worry on this score is fear of being denied health insurance. 'Maybe we should change the rules around insurance so that they have to insure people,' he said."
First time accepted submitter Stratus311 writes "An article from The Verge shows a video leaked from Microsoft that parodies Google's Chrome ad. From the article: 'Microsoft and Google have been locked in a war of words over a YouTube Windows Phone app, but in the midst of the arguments a new Scroogled ad has emerged. Designed to be an internal-only video, a copy has somehow managed to find its way onto the web right in the middle of Google's I/O developer conference.'" "Somehow" leaked.
itwbennett writes "Contrary to recent reports, data broker Acxiom is not planning to give consumers access to all the information they've collected on us. That would be too great a challenge for the giant company, says spokesperson Alexandra Levy. Privacy blogger Dan Tynan recently spoke with Jennifer Barrett Glasgow, Chief Privacy Officer at Acxiom (she claims to be the very first CPO) about how the company collects information and what they do with it. This should give you some small measure of comfort: 'We don't know that you bought a blue shirt from Lands End. We just know the kinds of products you are interested in. We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do,' says Glasgow."
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
redletterdave writes "The FAA predicts 30,000 drones will patrol the US skies by 2020, but New Jersey drivers could see these unmanned aerial vehicles hovering above the New Jersey Turnpike and Garden State Parkway much sooner than that. New Jersey lawmakers from both Republican and Democratic parties have introduced a number of bills to tackle the drones issue before the federal government starts issuing the first domestic drone permits in September 2015."
itwbennett writes "We've all had a chuckle over Google's autocomplete results for various search queries. But one German businessman had a less funny experience when he searched for his name on Google.de: The autocomplete suggested search terms where his name was tied with 'Scientology' and 'fraud' (in German, of course). This was back in 2010. In 2012, a German court ruled that the autocomplete terms did not infringe the plaintiff's privacy. Now, a year later, the Federal Court of Justice in Karlsruhe has overturned that ruling and ordered that Google remove offensive search suggestions when notified."
An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."