By timothy from Slashdot's they'll-get-you-next-time department
The EFF is only today able to release details of an attempt by the government to alter the historical record in the case brought by the EFF against the NSA in Jewel v. NSA. "On June 6, the court held a long hearing in Jewel in a crowded, open courtroom, widely covered by the press. We were even on the local TV news on two stations. At the end, the Judge ordered both sides to request a transcript since he ordered us to do additional briefing. But when it was over, the government secretly, and surprisingly sought permission to "remove" classified information from the transcript, and even indicated that it wanted to do so secretly, so the public could never even know that they had done so."
As you'd expect of the EFF, they fought back with vigorous objections, and in the end the government did not get its way, instead deciding that it hadn't given away any classified information after all. "The transcript of a court proceeding is the historical record of that event, what will exist and inform the public long after the persons involved are gone. The government's attempt to change this history was unprecedented. We could find no example of where a court had granted such a remedy or even where such a request had been made. This was another example of the government's attempt to shroud in secrecy both its own actions, as well as the challenges to those actions. We are pleased that the record of this attempt is now public. But should the situation recur, we will fight it as hard as we did this time."
By timothy from Slashdot's spawning-ideas department
Today's interview guest is literally a household name: If you look at the shelves in nearly any programmer's house, developer shop or hackerspace, you'll probably see a stretch of books from O'Reilly Media (or O'Reilly & Associates, depending on how old the books are). Tim O'Reilly started out publishing a few technical manuals in the late '70s, branching from there into well-received technical reference and instructional books, notably ones covering open source languages and operating systems (how many people learned to install and run a new OS from Matt Welsh's Running Linux?), but neither Tim O'Reilly nor the company has gotten stuck in one place for long. As a publisher, he was early to make electronic editions available, in step with the increasing capabilities of electronic readers. Make Magazine (later spun off as part of Maker Media, which also produces Maker Faires around the world) started as an O'Reilly project; the company's conferences like OSCON, Fluent, and this year's Solid are just as much a manifestation of O'Reilly's proclivity for spreading knowledge as the books are, and those are only part of the picture, being joined with seminars, video presentations, and more. Tim O'Reilly is often hailed as a futurist and an activist (he was an early proponent of 3-D printing and hardware hacking, and a loud voice for patent reform) and he's got his eye on trends from global (how the Internet functions) to more personal -- like ways that physical goods can be produced, customized, and networked. So please go ahead and ask O'Reilly about what it's been like to be a publisher of paper books in an ever-more electronic world, as well as a visionary in the world of DIY and fabrication, or anything else on your mind. As usual, ask as many questions as you'd like, but please, one per post.
By Roblimo from Slashdot's crowdsourcing-at-its-finest department
is a non-profit software company that develops free and open-source software (LGPL) for information collection, visualization, and interactive mapping. Ushahidi (Swahili for 'testimony' or 'witness') created a website in the aftermath of Kenya's disputed 2007 presidential election (see 2007–2008 Kenyan crisis) that collected eyewitness reports of violence reported by email and text message and placed them on a Google Maps map." Ushahidi has also been used to map some of the BP oil spill damage in Louisiana and many other events both positive and negative around the globe. This is a mature project, headquartered in Kenya, that recently spun out the BRCK, a "go anywhere, do anything, self-powered, mobile WiFi device," which looks like it would be useful in bringing Internet connectivity to places where the electricity supply is unreliable. || According to Ushahidi, today's interviewee, Rob Baker, "is responsible for overseeing company deliverables and is a lead on communications strategies. Previously, with a 10-year background in software development and with his field experience for aid programs, Rob was a lead for Ushahidi deployments around the world, primarily working in East Africa, the Middle East, and the Caribbean. He’s spoken at the United Nations, World Bank, government, hackathons, and at technical conferences." (Alternate Video Link)
By Unknown Lamer from Slashdot's get-your-60day-exploits department
About six weeks ago, a hole in Paypal's two factor authentication and their mobile client was discovered. hypnosec (2231454) wrote in with news of another trivial way to bypass Paypal's two-factor authentication. A bug in a feature for eBay integration allows passing a GET parameter to completely bypass two-factor authentication, and you don't even need to be coming from eBay to use it. You still need the password, but additional protection is lost. From the article: eBay, in conjunction with Paypal, provide a service as to where you can link your eBay account to your Paypal account, and when you sell something on eBay, the fees automatically come out of your Paypal account. ... When you are redirected to the login page, the URL contains "=_integrated-registration." ... Once you're actually logged in, a cookie is set with your details, and you're redirected to a page to confirm the details of the process. And this is where the exploit lays. Now just load http://www.paypal.com/ , and you are logged in, and don't need to re-enter your login.
So, the actual bug itself is that the "=_integrated-registration" function does not check for a 2FA code, despite logging you into Paypal.
You could repeat the process using the same "=_integrated-registration" page unlimited times.
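The class of flaw described above, modelled as an added example that is not PayPal's code and is not taken from the article: a secondary login entry point issues the same session as the main one without a second factor. All names (`AuthService`, `integrated_login`, `account_home`) and the sample account are hypothetical; the fix shown is to record 2FA state on the session and check it at one central gate.

```python
import hmac
import secrets

# Constructed sample account; the password and 2FA code are placeholders.
USERS = {"alice": {"password": "correct horse", "mfa_enrolled": True, "mfa_code": "492817"}}


class AuthService:
    """Hypothetical service with two login entry points sharing one session store."""

    def __init__(self, enforce_mfa_at_gate):
        self.enforce_mfa_at_gate = enforce_mfa_at_gate
        self.sessions = {}  # token -> (user, mfa_ok)

    def _check_password(self, user, password):
        rec = USERS.get(user)
        return rec is not None and hmac.compare_digest(rec["password"], password)

    def _issue(self, user, mfa_ok):
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, mfa_ok)
        return token

    def standard_login(self, user, password, code=None):
        """Main flow: password plus second factor when the account has one."""
        if not self._check_password(user, password):
            return None
        rec = USERS[user]
        if rec["mfa_enrolled"] and not (code and hmac.compare_digest(rec["mfa_code"], code)):
            return None
        return self._issue(user, mfa_ok=True)

    def integrated_login(self, user, password):
        """Partner-linking flow: password only, so the session is marked as
        lacking a second factor whenever the account has 2FA enrolled."""
        if not self._check_password(user, password):
            return None
        return self._issue(user, mfa_ok=not USERS[user]["mfa_enrolled"])

    def account_home(self, token):
        """Central gate that every authenticated page goes through."""
        session = self.sessions.get(token)
        if session is None:
            return "login required"
        user, mfa_ok = session
        if self.enforce_mfa_at_gate and not mfa_ok:
            return "2FA required"  # step up instead of trusting the cookie
        return f"welcome {user}"
```

With `enforce_mfa_at_gate=False` the service reproduces the reported behaviour (a password-only session reaches the account page); with `True`, the same session is held at a 2FA prompt regardless of which entry point created it.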
By Unknown Lamer from Slashdot's go-long department
Despite a failed attempt to have charges dismissed, the alleged Silk Road operator Ross Ulbricht's lawyer has filed a new motion to have evidence dismissed, citing recent court rulings in an argument that the Silk Road related searches were overly broad. From the article:
Dratel [Ulbricht's lawyer] argues in his 102-page motion filed last Friday that "the government conducted a series of 14 searches and seizures of various physical devices containing electronically stored information ('ESI'), and of ESI itself from Internet providers and other sources. Some of the ESI was obtained via search warrant, but other ESI was obtained via court order, and still other ESI was obtained without benefit of any warrant at all." ...
The defense lawyer argues that even the searches for which the government had a warrant were overbroad and based on evidence that may have been obtained illegally. The attorney writes: "As set forth ante, all of the searches and seizures conducted pursuant to warrants and/or orders were based on the initial ability of the government to locate the Silk Road Servers, obtain the ESI on them, and perform extensive forensic analysis of that ESI. Thus, all subsequent searches and seizures are invalid if that initial locating the Silk Road Servers, obtaining their ESI, and gaining real-time continued access to those servers, was accomplished unlawfully."