Open Source
Wikibooks Cryptography Textbook
Wikibooks Cryptography Textbook: Via Schneier on Security.
Over at Wikibooks, they're trying to write an open source cryptography textbook.
Correcting Errors and Making Changes
Correcting Errors and Making Changes: Via Freedom to Tinker.
[This is the fourth post in a series on best practices for government datasets by Harlan Yu and me. (previous posts: 1, 2, 3)]
Even cautiously edited datasets sometimes contain errors, and even meticulously produced schemas require refinement as circumstances change. While errors or changes create inconvenience for developers, most developers appreciate and prepare for their inevitability. Agencies should strive to do the same. A well-developed strategy for fixes and changes can ease their burden on both developers and agencies.
When agencies release data, developers ideally will interact with it in creative new ways. Given datasets containing megabytes to gigabytes of data, novel uses will reveal previously unnoticed errors. Knowledge of these errors benefits the agency as well as other developers using the data, so agencies should take steps to encourage error reporting. Labels in a dataset allow developers to specify errors efficiently and unambiguously. An easy-to-find channel for reporting errors, such as a prominently provided email address or web form, is also critical. Tracking down the contact information of the person responsible for a dataset can be difficult, and a well-known channel reduces this barrier to feedback. [ Read more ... ]
Serious Apache Exploit Discovered
Serious Apache Exploit Discovered: Via Slashdot.
bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit."
Note: according to the advisory, this exploit is exclusive to Windows.
Wikileaks Closes Operations Temporarily Due to Budget Woes
Wikileaks Closes Operations Temporarily Due to Budget Woes: Via Threat Level.
Wikileaks, the controversial whistleblower site, has temporarily shuttered its operations due to a dearth of funds to meet its operating costs.
The site announced last December that it planned to temporarily cease operations, save for its anonymous submission tool, until it could raise money for its operating costs.
But it has so far been unable to meet those needs. The site’s annual costs are $200,000 — $600,000 if staff is paid — but it has raised only $130,000 so far. The site will remain closed to allow administrators to focus on fundraising efforts.
A note on the web site’s main page reads: We protect the world — but will you protect us? [ Read more ... ]
High Value Data Sets in the Wild
High Value Data Sets in the Wild: Via CDT - Center for Democracy & Technology.
Friday marked the first set of deadlines for agencies set by the Open Government Directive - and the White House has delivered the first set of data sets from agencies. The new data sets represent all cabinet-level departments, from tire safety ratings to workplace injury data.
It's hard to decide what a "high value data set" is, exactly. For some, data about contracts is most important, or information about FOIA requests. Maybe for the agency employees, the menu in the cafeteria is the most useful data set. It does look like there are a number of very useful data sets here and we are interested to see what people do with the National Treasures data set. Of course, there are some data sets that are clearly high value to the public. [ Read more ... ]
U.S. Diverts Spy Drone from Afghanistan to Haiti
U.S. Diverts Spy Drone from Afghanistan to Haiti: Via Danger Room.
As part of the Haiti relief effort, the U.S. military is sharing imagery from one of its high-end, high-flying spy drones, the RQ-4 Global Hawk.
This image, shot yesterday by a Global Hawk, shows damage to the National Cathedral in Port-au-Prince. U.S. Southern Command is sharing the images so that non-governmental organizations (NGOs) and relief groups can get a better picture of the situation on the ground.
Danger Room pal Paul McCleary has much, much more detail at Ares. Colonel Bradley Butz, with the Air Force’s 480th Intelligence, Surveillance and Reconnaissance Wing, told McCleary that the Global Hawk was originally supposed to fly over Afghanistan, but was retasked yesterday to Haiti, where it spent 14 hours on station and shot hundreds of images.
“Today we’re going after another 1,000 images, which will all be unclassified,” McCleary quotes Butz as saying. “SOUTHCOM will provide it to whoever needs it.” [ Read more ... ]
2009 Predictions Scorecard
2009 Predictions Scorecard: Via Freedom to Tinker.
As usual, we’ll kick off the new year by reviewing the predictions we made for the previous year. Here now, our 2009 predictions, in italics, with hindsight in ordinary type.
(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.
By tradition this is our first prediction, and it has always been accurate. Guess what our first 2010 prediction will be? Verdict: right.
(2) Patent reform legislation will come closer to passage in this Congress, but will ultimately fail as policymakers wait to determine the impact of the Bilski case's apparent narrowing of business model patentability.
Everyone agrees that patent reform is needed, but no specific bill is close to passage, and everyone is waiting for the Supreme Court's Bilski decision. Verdict: right.
(3) As lawful downloading of music and movies continues to grow, consumer satisfaction with lossy formats will decline, and higher-priced options that offer higher fidelity will begin to predominate. At least one major online music service will begin to offer music in a lossless format.
People seem to accept lossy formats. Verdict: wrong.
(4) The RIAA's "graduated response" initiative will sputter and die because ISPs are unwilling to cut off users based on unrebutted accusations. Lawsuits against individual end-user infringers will quietly continue. [ Read more ... ]
Suricata (an Open Source Next Generation Intrusion Detection and Prevention Tool) Beta Available for Download
Suricata Beta Available for Download!!: Via The Open Information Security Foundation.
It's been about three years in the making, but the day has finally come! We have the first release of the Suricata Engine! The engine is an Open Source Next Generation Intrusion Detection and Prevention Tool, not intended to just replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field.
The OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.
The Suricata Engine and the HTP Library are available to use under the GPLv2.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. [ Read more ... ]
Hackers show it's easy to snoop on a GSM type mobile-phone call
Hackers show it's easy to snoop on a GSM call: Via Computerworld Security News.
Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools.
In a presentation given Sunday at the Chaos Communication Conference in Berlin, researcher Karsten Nohl said that he had compiled 2 terabytes worth of data -- cracking tables that can be used as a kind of reverse phone-book to determine the encryption key used to secure a GSM (Global System for Mobile communications) telephone conversation or text message.
While Nohl stopped short of releasing a GSM-cracking device -- that would be illegal in many countries, including the U.S. -- he said he divulged information that has been common knowledge in academic circles and made it "practically useable." [ Read more ... ]
Hackers Brew Self-Destruct Code to Counter Police Forensics
Hackers Brew Self-Destruct Code to Counter Police Forensics: Via Threat Level.
Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.
The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine.
The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded. [ Read more ... ]
USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute
USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute: Via EFF.org Updates.
A Pennsylvania publicly-traded company has become the latest corporate entity to use the legal system in an attempt to out an anonymous online critic, and EFF is defending the critic with the help of the First Amendment as well as an important new California statute. USA Technologies, based in Malvern, Pennsylvania, recently filed a federal lawsuit against two Yahoo! message board posters who roundly criticized what they claim is the consistently poor performance of USA Technologies' management. The criticism highlighted plummeting stock prices of the company as well as the high compensation rates for management of the company that has been consistently unprofitable. [ Read more ... ]
It’s Alive! Hollywood Claims Pirate Bay Tracker Lives
It’s Alive! Hollywood Claims Pirate Bay Tracker Lives: Via Threat Level.
Did The Pirate Bay really shutter its tracker, as claimed on Tuesday?
The Motion Picture Association doesn’t think so.
Hollywood’s overseas lobbying organization claims OpenBitTorrent, billed as an independent “open tracker project,” was actually established by one of The Pirate Bay’s founders.
“OpenBitTorrent is used for file sharing, and we suspect that it is the Pirate Bay tracker with a new name. It is added by default on all of the torrent tracker files on Pirate Bay,” Hollywood attorney Monique Wadsted told Swedish media.
Wadsted, TorrentFreak notes, said the tracker’s domain was originally registered by Fredrik Neij, one of the four Pirate Bay co-founders.
On its website, OpenBitTorrent denies it’s The Pirate Bay’s tracker: [ Read more ... ]
Browse Anonymously on Your Android Phone With Tor
Browse Anonymously on Your Android Phone With Tor: Via OStatic.
Many people use the open source application Tor on the desktop for anonymous browsing sessions. Thanks to a grant from the UC Berkeley Human Rights Center Mobile Challenge and the team behind The Guardian Project, now Android mobile phone owners can use Tor to browse privately on their handheld devices, too.
"We have successfully ported the native C Tor app to Android and built an Android application bundle that installs, runs and provides the glue needed to make it useful to end users…. secure, anonymous access to the web via Tor on Android is now a reality," writes Guardian Project team member Nathan Freitas. [ Read more ... ]
Sneaky Microsoft plug-in puts Firefox users at risk
Sneaky Microsoft plug-in puts Firefox users at risk: Via computerworld.
Patches critical bug, exploitable because of add-on silently slipped into Firefox last February
An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.
One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site. [ Read more ... ]
Introducing FedThread: Opening the Federal Register
Introducing FedThread: Opening the Federal Register: Via Freedom to Tinker.
Today we are rolling out FedThread, a new way of interacting with the Federal Register. It's the latest civic technology project from our team at Princeton's Center for Information Technology Policy.
The Federal Register is "[t]he official daily publication for rules, proposed rules, and notices of Federal agencies and organizations, as well as executive orders and other presidential documents." It's published by the U.S. government, five days a week. The Federal Register tells citizens what their government is doing, in a lot more detail than the news media do.
FedThread makes the Federal Register more open and accessible. FedThread gives users: [ Read more ... ]
RECAP(ing) PACER (Public Access to Court Electronic Records)
RECAP(ing) PACER: Via CDT - PolicyBeta.
While we often concentrate on the Executive and Legislative branches when we talk about government transparency, the federal court system lags behind them both. The Public Access to Court Electronic Records (PACER) system - the only online source for “public” court documents - is hardly a modern system for openness. Sure, it was when it launched several years ago, but it has fallen far behind the times. In order to access court records, users must use a confusing and outdated system to pay eight cents per page for PDFs of court documents.
A new project from Princeton University’s Center for Information Technology Policy aims to “turn PACER around” with a Firefox extension called RECAP. This extension is crowd-sourcing the task of making documents available, letting users know when a document can be had for free at the RECAP archive and letting users donate documents they purchase to the free collection. [ Read more ... ]
CDT Releases Update to Browser Privacy Report
CDT Releases Update to Browser Privacy Report: Via CDT - PolicyBeta.
Less than a year ago, CDT released the Browser Privacy Features report that compared the privacy tools in Firefox, Internet Explorer, Chrome, and Safari. The browser vendors have been busy since then, with this year seeing the release of Firefox 3.5, Safari 4, and Internet Explorer 8 (now out of beta). With the release of these new browser versions have come advances on privacy controls–for example, Firefox 3.5 has incorporated a Private Browsing mode. CDT is pleased to release the Browser Privacy Features report, version 2.0 in light of the changing landscape. [ Read more ... ]
Help Protesters in Iran: Run a Tor Bridge or a Tor Relay
Help Protesters in Iran: Run a Tor Bridge or a Tor Relay: Via EFF.org Updates.
As turmoil over the disputed election in Iran continues, many techs are trying to find ways to help Iranian citizens safely communicate and receive information despite the barriers being established by Iranian authorities. One tactic that even moderately tech-savvy Internet users can employ is to set up a Tor relay or a Tor bridge.
More sophisticated users can skip this paragraph, but for the rest, here's the basic outline. Tor (an acronym of "The Onion Router") is free and open source software that helps users remain anonymous on the Internet. Normally, when accessing websites, your computer asks for and receives a webpage out in the open, a process that exposes your IP address, the URL of the website, and the contents of the site, among other information to third parties. When accessing websites while using Tor, your computer essentially whispers its requests for a website, to another computer, which passes the request on to another computer, which passes it on to another computer, which passes it onto the computer where the website is hosted; the reply returns in the same, chain-message manner. The whispers are encrypted, so that neither outside authorities, nor the computers in the middle of the chain, can tell what is being said, and to whom. And the website itself does not have your IP address either.
Internet users in Iran are using Tor to both (a) circumvent censorship systems and (b) remain anonymous while reading and writing on the Internet. Both are critically important to the safety of protesters, many of whom fear retaliation from the government. Preliminary reports indicate that use of the Tor client in Iran has increased in the days after the contested election. [ Read more ... ]
Tor: anonymity online
Tor: anonymity online: Via The TOR Project.
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol. [ Read more ... ]
Anonymous Blogging with Wordpress & Tor
Anonymous Blogging with Wordpress & Tor: Via Global Voices Advocacy.
An early draft of this guide was written by Ethan Zuckerman on April 13, 2005 and updated on October 1, 2006. On August 8, 2007 Global Voices Advocacy published an updated and linkable, blogging-friendly, HTML version of the guide, along with a downloadable PDF file. On March 10th, 2009, the guide has been updated once again so that all the tips are also compatible with Tor's recent update. [ Read more ... ]
PortableApps.com - Portable software for USB drives
PortableApps.com - Portable software for USB drives.
Now you can carry your favorite computer programs along with all of your bookmarks, settings, email and more with you. Use them on any Windows computer. All without leaving any personal data behind.
PortableApps.com provides a truly open platform that works with any hardware you like (USB flash drive, iPod, portable hard drive, etc). It's open source built around an open format that any hardware vendor or software developer can use.
Christine Peterson - Open Source Physical Security: Can We Have Both Privacy and Safety?
Christine Peterson - Open Source Physical Security: Can We Have Both Privacy and Safety?: Via IT Conversations.
Christine Peterson is a founder and Vice-President of Foresight Institute, and focuses effort on educating the public on nanotechnology issues. In this emotionally-charged presentation at the O'Reilly Open Source Convention, Peterson lays out the potential privacy concerns of using nanotechnology and closed-source software to monitor for a future terrorist attack.
Microsoft Update Quietly Installs Firefox Extension
Security Fix - Microsoft Update Quietly Installs Firefox Extension: Via Security Fix - Voices at The Washington Post.
A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.
Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. [ Read more ... ]
DC3 Challenge for 2009 is a call to the digital forensics community
DC3 Challenge is a call to the digital forensics community to pioneer new investigative tools, techniques and methodologies. [ Read more ... ]
Apps for America 2: The Data.gov Challenge
Apps for America 2: The Data.gov Challenge: Via Sunlight Foundation Labs.
What it Is
Apps for America is a special contest we're putting on this year to celebrate the release of Data.gov! We're doing it alongside Google, O'Reilly Media, and TechWeb and the winners will be announced at the Gov 2.0 Expo Showcase in Washington, DC at the end of the Summer.
Why we're doing it
Just as the federal government begins to provide data in Web developer-friendly formats, we're organizing Apps for America 2: The Data.gov Challenge to demonstrate that when government makes data available, it makes itself more accountable and creates more trust and opportunity in its actions. [ Read more ... ]