Security

Thwarting New JavaScript Malware Obfuscation 76

I Don't Believe in Imaginary Property writes "Malware writers have been obfuscating their JavaScript exploit code for a long time now and SANS is reporting that they've come up with some new tricks. While early obfuscations were easy enough to undo by changing eval() to alert(), they soon shifted to clever use of arguments.callee() in a simple cipher to block it. Worse, now they're using document.referrer, document.location, and location.href to make site-specific versions, too. But SANS managed to stop all that with an 8-line patch to SpiderMonkey that prints out any arguments to eval() before executing them. It seems that malware writers still haven't internalized the lesson of DRM — if my computer can access something in plaintext, I can too."
Censorship

Usenet Blocking Intensifies 449

I Don't Believe in Imaginary Property writes "The war against the alt.* hierarchy of Usenet continues as NY Attorney General Andrew Cuomo has convinced two more ISPs to drop access to part of Usenet. They've also set up the website NY Stop Child Porn, and convinced California to join them in the fight. In some sense, this is rather like bulldozing the slums to fight crime; sure, it might get rid of a lot of undesirables, but it also affects many innocent people, and everyone will now start migrating elsewhere in droves. The article notes, 'Cuomo's new web site signifies that he's clearly not done yet. It includes contact information for 20 ISPs that presumably operate in New York, and text of a letter to send to them to urge that they sign on to the campaign.' And you thought the Eternal September was bad..."
Privacy

Senate Passes Telecom Immunity Bill 1088

zehnra writes "The U.S. Senate this afternoon passed the FISA Amendments Act, broadly expanding the president's warrantless surveillance authority and unconstitutionally granting retroactive immunity to telecommunications companies that participated in the president's illegal domestic wiretapping program. The House of Representatives passed the same bill last month, and President Bush is expected to sign the legislation into law shortly." The New York Times has a story, as does the Associated Press (carried here by Yahoo!). Reader Guppy points out the roll call for the vote.
Privacy

Telecom Amnesty Opponents Back New Amendment 250

I Don't Believe in Imaginary Property writes "With the telecoms all but assured of amnesty for their participation in illegal spying, there's now one last amendment in their way — the Bingaman amendment. Because President Bush is unwilling to sign FISA reform without immunity, and because Blue Dog Democrats fear for their reelection unless FISA reform as a whole passes, most compromise positions are already off the table. So the new amendment seeks to sidestep part of the problem by moving it to a later date. It would put the court cases and amnesty provision on hold until a report is completed detailing exactly what happened, allowing Congress to consider denying amnesty at that time. There's an EFF campaign to support both this and the Dodd-Feingold amendment, which would strip immunity altogether."
Privacy

US Justice Dept. Sued For Cellular Tracking Information 75

tpaudio writes "The ACLU and the EFF are suing the Department of Justice over how the government might be using GPS and location data from cell phones. With over 200 million Americans carrying cell phones, this could be pretty important for setting guidelines. We have already seen other frightening powers related to cell phones, such as 'cell mic tapping.'" The ACLU press release is also available, and it contains links to the complaint and the Freedom of Information Act request. We've previously discussed instances of cell phone tracking in the US and elsewhere.
The Internet

YouTube Must Give All User Histories To Viacom 778

psyopper writes "Google will have to turn over every record of every video watched by YouTube users, including users' names and IP addresses, to Viacom, which is suing Google for allowing clips of its copyright videos to appear on YouTube, a judge ruled Wednesday. Although Google argued that turning over the data would invade its users' privacy, the judge's ruling (.pdf) described that argument as 'speculative' and ordered Google to turn over the logs on a set of four terabyte hard drives." Update: 07/03 18:05 GMT by T : Brian Aker, now of MySQL but long ago Slashdot's "database thug," writes a journal entry on how companies could intelligently treat such potentially sensitive user data.
Security

Two Trojans For Mac OS X 326

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."
Medicine

Lack of Sunlight Could Lead To Early Death 304

I Don't Believe in Imaginary Property writes "Members of this community may want to venture out of the basement more often, because Dr. Harald Dobnig and his team have found that vitamin D deficiency leads to increased mortality. These results still hold when they take into account such factors as exercise and heart disease. Low vitamin D status has 'other significant negative effects in terms of incidence of cancer, stroke, sudden cardiac death and death of heart failure,' Dr. Dobnig said. The evidence of ill effects from low vitamin D 'is just becoming overwhelming at this point.' Vitamin D3 is usually produced by exposure to the UV-B in sunlight, but in high latitudes, especially in the fall and winter, insufficient UV-B gets through the atmosphere to produce enough vitamin D3, even with hours of exposure. The researchers are recommending that people at risk for deficiency take 800 IU of vitamin D3 daily. Just don't go overboard — as a fat-soluble vitamin, D3 is more capable of causing adverse effects at unnaturally high dosages. The human body tops out at producing about 10,000 IU per day." According to the Wikipedia entry linked above, the D2 (ergocalciferol) version -- available as a vegan product -- works approximately as well to supply humans with their needed vitamin D.
Privacy

FISA Bill Vote Today, With Telco Immunity 465

Bimo_Dude writes "Today (June 20), Steny Hoyer is bringing to the House floor the latest FISA bill (PDF), which includes retroactive immunity for the telcos. The bill also is very weak on judicial review, allowing the telcos to use a letter from the president as a 'get out of liability free' card. Here are comments from the EFF. Glenn Greenwald, writing in Salon, describes the effect of the immunity clause this way: 'So all the Attorney General has to do is recite those magic words — the President requested this eavesdropping and did it in order to save us from the Terrorists — and the minute he utters those words, the courts are required to dismiss the lawsuits against the telecoms, no matter how illegal their behavior was.'"
Privacy

New FISA Bill Would Grant Telcoms Immunity; Vote Is Tomorrow 496

An anonymous reader writes "This just in: a new 'compromise' FISA Bill (PDF) was just made public, which, the Electronic Frontier Foundation reports, 'contains blanket immunity for telecoms that helped the NSA break the law and spy on millions of ordinary Americans.' The House vote is tomorrow, June 20. After all the secret rooms and everything ... if they get immunity and the public never finds out what happened, the only other logical next step is to convince everyone I know not to get an iPhone." CNN covers this get-out-of-lawsuit play as well.
The Courts

EFF Wins Promo CD Resale Case 252

DJMajah writes "Universal Music Group's case against Troy Augusto, fought by the Electronic Frontier Foundation, has been dismissed by a federal judge. UMG sued Augusto, the owner of Roast Beast Music, over 26 eBay listings of promotional CDs. UMG argued that promo CDs distributed for free to radio stations, DJs and other industry insiders could not be resold; the discs usually carry a label reading 'For promotional use only, not for resale.' UMG asserted the doctrine of first sale does not apply, as the discs were not actually sold and therefore remained UMG's property. The judge ruled that the doctrine does apply because the discs were gifts. The labels indicate no expectation of their return."
Privacy

EFF To Fight Border Agent Laptop Searches 324

snydeq writes "The EFF and the Association of Corporate Travel Executives have filed an amicus brief with the 9th Circuit Court of Appeals requesting that the full court rehear and reverse a three-judge ruling (PDF) that empowers border agents routinely to search files on laptops and mobile devices. The case in question involves US citizen Michael Arnold, who, returning from the Philippines in July 2005, had his laptop confiscated at LAX by customs officials after they opened files in folders marked 'Kodak Pictures' and 'Kodak Memories' and found photos of two naked women. Later, when Arnold was detained, officials uncovered photo files on Arnold's laptop that they believed to be child pornography. In addition to raising Fourth Amendment issues, the amicus brief (PDF) reiterates the previous District Court ruling on Arnold's case regarding the difference between computers and gas tanks, suitcases, and other closed containers, 'because laptops routinely contain vast amounts of the most personal information about people's lives — not to mention privileged legal communications, reporters' notes from confidential sources, trade secrets, and other privileged information.'"
Security

Using Distributed Computing To Thwart Ransomware 361

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
News

Community Choice Award "Most Likely to be Shut Down By Govt" 246

Last week we took nominations for a Slashdot category at the SourceForge Community Choice awards. Our category was 'Most Likely to be Shut Down By Government Agency'. Your nominations were tallied, and we arbitrarily selected a few that we think are the best. Today is the day where you can at long last determine the winner, using the incredibly scientifically accurate Slashdot Poll. Our nominees are Truecrypt, EFF Patent Busting, GNU Software Radio, WikiLeaks, Cryptome.org, Tor, Freenet, and CowboyNeal.
Supercomputing

Diamonds Key To Quantum Computing 92

I Don't Believe in Imaginary Property writes "Scientists P. Neumann, N. Mizuochi & co. have advanced quantum computing by finding a new method to get two-way and three-way, high quality quantum correlations that persist for hundreds or thousands of microseconds, even at room temperature. Their paper (subscription required) describes how they manipulated electrons from nitrogen vacancies in diamond using microwaves to entangle adjacent carbon-13 nuclei. Even better, this builds on previous results which indicate that diamonds with nitrogen impurities may be the key to creating useful quantum computing devices. The article provides a good description of what nitrogen vacancies are and why they prove useful."
Privacy

McCain Supports Warrantless Domestic Surveillance 650

I Don't Believe in Imaginary Property writes "While there have been shifting reports about McCain's view on warrantless wiretapping, nothing could be clearer than the latest comment by McCain adviser Doug Holtz-Eakin, who said, 'We do not know what lies ahead in our nation's fight against radical Islamic extremists, but John McCain will do everything he can to protect Americans from such threats, including asking the telecoms for appropriate assistance to collect intelligence against foreign threats to the United States as authorized by Article II of the Constitution.' Article II, of course, is what Bush has argued gives the President virtually unlimited power during war, and McCain has already voted in favor of Telecom Immunity, though he sometimes mentions, to those asking for accountability, wanting to hold hearings about what the telecoms did."
Microsoft

Denmark Becomes Fourth Nation To Protest OOXML 171

I Don't Believe in Imaginary Property writes "The rumors of a fourth OOXML complaint turned out to be true. Denmark has become the fourth nation to protest the ISO's acceptance of OOXML, and Groklaw has a translation of their complaint. They now join India, Brazil, and South Africa. There are going to be plenty of questions about deadlines, because people have been given two different deadlines for appeals, and the final DIS of OOXML was late in being distributed and not widely available. In fact, that seems to be one of Denmark's complaints, along with missing XML schemas, contradictory wording, lack of interoperability, and troubles with the maintenance of DIS29500. In other words, we should expect a lot of wrangling over untested rules from here on out, and Microsoft knows how to deal with that."
Security

MediaDefender Explains Itself 395

I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
Software

India Third to Appeal ISO's OOXML Approval 99

I Don't Believe in Imaginary Property writes "India is now the third country to appeal the ISO's approval of OOXML, with their appeal arriving just before the deadline last night. According to PC World, this makes OOXML the first BRM process under ISO/JTC 1 to be appealed, which leaves us in uncharted territory. Although there was substantial confusion in the comments on yesterday's story, Brazil is really appealing, not merely disapproving, of OOXML, having sent a letter that begins with 'The Associação Brasileira de Normas Técnicas (ABNT), as a P member of ISO/IEC/JTC1/SC34, would like to present, to ISO/IEC/JTC1 and ISO/IEC/JTC1/SC34, this appeal for reconsideration of the ISO/IEC DIS 29500 final result.' Groklaw speculates that this may have something to do with Microsoft hedging their bets by supporting ODF 1.1 in Office 2007, though we probably won't see any more countries appeal now that the deadline has passed."
Security

Prototype EU Airplane Spy Cams Watch For Facecrime 359

I Don't Believe in Imaginary Property writes "You can't make stuff like this up. The EU is actually testing a prototype system of cameras in airplanes to monitor passengers' facial expressions in order to detect both terrorism and 'air rage.' The Security of Aircraft in the Future European Environment (SAFEE) project used an Airbus A380 fuselage with six wide-angle cameras to watch for people running or loitering near the cockpit door, as well as a camera in the back of every seat to watch for facecrime like sweating too much, or acting nervous. But that's okay, because the system won't alert anyone until it sees a 'combination of signs,' instead of just one stray expression, or they might accidentally catch a lot of people who are afraid of flying or of being watched."
