By Soulskill from Slashdot's busy-as-a-klingon-at-a-tribble-farm department
An anonymous reader writes "U.S. Magistrate Judge Stephen Smith estimates in a new paper (PDF) that 30,000 secret surveillance orders are approved each year in U.S. courts. 'Though such orders have judicial oversight, few emerge from any sort of adversarial proceeding and many are never unsealed at all.' Smith writes, 'To put this figure in context, magistrate judges in one year generated a volume of secret electronic surveillance cases more than thirty times the annual number of FISA cases; in fact, this volume of ECPA cases is greater than the combined yearly total of all antitrust, employment discrimination, environmental, copyright, patent, trademark, and securities cases filed in federal court.' He also adds a warning: 'Lack of transparency in judicial proceedings has long been recognized as a threat to the rule of law and roundly condemned in ringing phrases by many Supreme Court opinions.'"
By timothy from Slashdot's trustworthy-computing-of-course department
wiredmikey writes "As more research unfolds about the recently discovered Flame malware, researchers have found three modules – named Snack, Gadget and Munch – that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how."
And an anonymous reader adds a note that Flame's infrastructure is massive: "over 80 different C&C domains, pointed to over 18 IP addresses located in Switzerland, Germany, the Netherlands, Hong Kong, Poland, the UK, and other countries."