m Quec.lim's republished posts.http://quec.li/~m /Boston Marathon 2014http://blogs.law.harvard.edu/philg/2014/04/21/boston-marathon-2014/http://blogs.law.harvard.edu/philg/?p=5865Mon, 21 Apr 2014 22:18:00 -0400<p>I took <a href="http://philip.greenspun.com/greta/">a special (to me) four-year-old</a> to see her first Boston Marathon in Coolidge Corner, Brookline today. The security around the race was very impressive. An <a href="http://www2.epa.gov/emergency-response/aspect">EPA ASPECT</a> Cessna Caravan with a tricked-out exhaust system was operated all week from Hanscom Field to look for chemical and radioactive contamination. Coast Guard and U.S. Army Blackhawks flew back and forth overhead in formations of up to five helicopters (at about $25,000 per flight hour per helicopter, according to <a href="http://nation.time.com/2013/04/02/costly-flight-hours/">TIME Magazine</a>). A friend asked &#8220;Did you feel safer?&#8221; My response: &#8220;Given that the Tsarnaev brothers were armed with two pressure cookers and one pistol, the security for this marathon has the same rational basis as a person who is attacked with a kitchen knife and expects the next attack to come from a nuclear-powered submarine.&#8221;</p> <p>What if the Tsarnaevs had some cousins who had wanted to attack this marathon in the same way that the 2013 event was spoiled? The authorities absolutely forbade backpacks, potentially filled with explosives, from being carried near the finish line. But there was no such prohibition on bags and backpacks elsewhere on the route. Greta and I watched from Coolidge Corner, amidst hundreds of other spectators and passed by clumps of as many as 50 runners. At our feet? A large backpack.</p> <p>[Note: I believe that the backpack belonged to a young woman who was hoping to cross the route to get to her job at Trader Joe's. 
But she had been waiting there for 30 minutes and there was nobody to stop her from walking away and leaving the backpack.]</p> <p>Favorite T-shirt: <a href="http://www.spreadshirt.com/keep-calm-and-marathon-t-shirts-C3376A13350379">&#8220;Keep Calm and Marath On&#8221;</a> (each word on its own line)</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D5865US Judge gives FTC thumbs-up to SUE firms over data breacheshttp://go.theregister.com/feed/www.theregister.co.uk/2014/04/12/judge_oks_ftv_v_wyndham_lawsuit/tag:theregister.co.uk,2005:story/2014/04/12/judge_oks_ftv_v_wyndham_lawsuit/Fri, 11 Apr 2014 20:23:00 -0400<strong>m</strong>: <em>From the article:<br /> <br /> The FTC alleges that Wyndham's practices were "unfair" because they were "likely to cause substantial injury to consumers that consumers cannot reasonably avoid themselves." The agency also says Wyndham's privacy policy led customers to believe their sensitive data was more secure than it was, which the FTC claims was "deceptive."<br /> </em><h4>If you don't take 'reasonable and appropriate' measures, get ready for court</h4> <p>In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F04%2F12%2Fjudge_oks_ftv_v_wyndham_lawsuit%2FHeartbleed and passwords: don't panichttps://freedom-to-tinker.com/blog/jbonneau/heartbleed-and-passwords-dont-panic-2/https://freedom-to-tinker.com/?p=9818Fri, 11 Apr 2014 18:27:00 
-0400http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D9818Heartbleed Explanationhttp://xkcd.com/1354/http://xkcd.com/1354/Fri, 11 Apr 2014 00:00:00 -0400<strong>m</strong>: <em>Unchecked bounds exceptions, a primer.<br /> </em><img src="http://imgs.xkcd.com/comics/heartbleed_explanation.png" title="Are you still there, server? It's me, Margaret." alt="Are you still there, server? It's me, Margaret." />http://quec.li/EntryComments?feed=http%3A%2F%2Fxkcd.com%2Frss.xml&entry=http%3A%2F%2Fxkcd.com%2F1354%2FThe First Photograph of an Execution by Electric Chairhttp://lightbox.time.com/2014/04/10/first-photo-electric-chair-execution/http://lightbox.time.com/?p=90701Thu, 10 Apr 2014 16:33:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D90701How to protect yourself from Heartbleedhttps://freedom-to-tinker.com/blog/felten/how-to-protect-yourself-from-heartbleed/https://freedom-to-tinker.com/?p=9774Wed, 09 Apr 2014 10:57:00 -0400<p>The Heartbleed vulnerability is one of the worst Internet security problems we have seen. I&#8217;ll be writing more about what we can learn from Heartbleed and the response to it. </p> <p>For now, here is a quick checklist of what you can do to protect yourself.</p> <p><strong>If you are a regular user:</strong></p> <p>Most of the sites you use were probably vulnerable. Your password might have been leaked from any one of them. Unless you&#8217;re sure that a site was <em>never</em> vulnerable, you should change your password on that site. (It&#8217;s not enough that a site is invulnerable <em>now</em>, because your password could have leaked before the site was fixed.)</p> <p>Yes, it&#8217;s a pain to change your passwords, but you were really meaning to change them at some point anyway, weren&#8217;t you? Now is a good time. 
(It&#8217;s also a good time to turn on two-factor authentication, on sites that offer it.)</p> <p>But, before you change your password on a site, you need to make sure that that site has closed any remaining vulnerability. Look for an unequivocal statement from the site that (1) they are no longer vulnerable and (2) they have changed the private encryption key they use to protect HTTPS traffic. Once you&#8217;re sure that they have done those two things, then you should go ahead and change your password on the site. If they haven&#8217;t done those two things, then it&#8217;s best to wait until they do. Make yourself a note to come back and check in a few days. </p> <p>The bad news is that some of your private information might have leaked from a vulnerable site. It will be very difficult to tell whether this happened, even for the site itself, and nearly impossible to undo a leak if it did happen. </p> <p><strong>If you run a website that supports HTTPS, and you run your own server:</strong></p> <ul> <li>Go to http://filippo.io/Heartbleed/ and enter the name of your site, to test whether your site is vulnerable. If you&#8217;re not vulnerable, you&#8217;re done. If you are vulnerable, carry out the following steps.</li> <li>Upgrade your server software to a non-vulnerable version. I can&#8217;t give you general advice on how to do this because it depends on which software you are running. Once you have done the upgrade, go back to http://filippo.io/Heartbleed/ and verify that you are no longer vulnerable.</li> <li>After upgrading your software, generate a new SSL/TLS key and get a certificate for the new key. Start using the new key and certificate. (This is necessary because an attacker could have gotten your old key.)</li> <li>Revoke the certificate you were previously using. 
(This is necessary because an attacker who got your old key could be using your old key and certificate to impersonate your site.)</li> <li>Have your users change the passwords that they use to log in to your site. (This is necessary because users&#8217; existing passwords could have been leaked. You need to get your house in order by carrying out the previous steps, before users can safely change passwords.)</li> </ul> <p><strong>If you run a website that supports HTTPS, and you use a web hosting service:</strong><br /> In this case, the hosting service runs the web server that powers your site.</p> <ul> <li>Find out from the hosting service whether its server was ever vulnerable to Heartbleed attacks. If you&#8217;re confident that it was never vulnerable, then you&#8217;re good. Otherwise, carry out the following steps.</li> <li>Wait until the hosting service has upgraded its software to a non-vulnerable version. Once they have done the upgrade, you should be able to go to http://filippo.io/Heartbleed/ and enter the address of your site, and be told that it is not vulnerable. If this isn&#8217;t true yet, ask the hosting service to fix the problem, then wait a while and repeat.</li> <li>Once the hosting service has upgraded its software and the test site shows you as not vulnerable, generate a new SSL/TLS key and get a certificate for the new key. Start using the new key and certificate. (This is necessary because an attacker could have gotten your old key.)</li> <li>Revoke the certificate you were previously using. (This is necessary because an attacker who got your old key could be using your old key and certificate to impersonate your site.)</li> <li>If your site assigns passwords to users, have your users change the passwords that they use to log in to your site. (This is necessary because users&#8217; existing passwords could have been leaked. 
You need to get your house in order by carrying out the previous steps, before users can safely change passwords.)</li> </ul>http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D9774Heartbleedhttps://www.schneier.com/blog/archives/2014/04/heartbleed.htmltag:www.schneier.com,2014:/blog//2.5301Wed, 09 Apr 2014 06:03:00 -0400<strong>m</strong>: <em>Don't worry though! Many sites are guaranteeing that your data was not compromised, despite admitting that they were vulnerable.<br /> </em><p><a href="http://heartbleed.com/">Heartbleed</a> is a catastrophic bug in OpenSSL:</p> <blockquote><p>"The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.</p></blockquote> <p>Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.</p> <p>"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.</p> <p>Half a million sites are <a href="http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html">vulnerable</a>, including my own. Test your vulnerability <a href="http://filippo.io/Heartbleed/">here</a>.</p> <p>The bug has been patched. 
After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.</p> <p>At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.</p> <p><a href="http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/">This article</a> is worth reading. Hacker News <a href="https://news.ycombinator.com/item?id=7548991">thread</a> is filled with commentary. XKCD <a href="https://xkcd.com/1353/">cartoon</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5301In Pakistan, Giant Photo Puts Face on Drone Strikeshttp://lightbox.time.com/2014/04/07/pakistan-giant-photo-drone/http://lightbox.time.com/?p=93389Mon, 07 Apr 2014 19:45:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D93389FIVE-year-old finds Xbox Live password backdoor, hacks into dad's accounthttp://go.theregister.com/feed/www.theregister.co.uk/2014/04/04/five_year_olds_xbox_live_password_hack/tag:theregister.co.uk,2005:story/2014/04/04/five_year_olds_xbox_live_password_hack/Fri, 04 Apr 2014 16:59:00 -0400<h4>Boy, they're starting young these days</h4> <p>A five-year-old has humbled Microsoft's security team by finding and exploiting a password bug in his Xbox to log into his father's Xbox Live account.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F04%2F04%2Ffive_year_olds_xbox_live_password_hack%2FCookies that give you away: The surveillance 
implications of web trackinghttps://freedom-to-tinker.com/blog/dreisman/cookies-that-give-you-away-the-surveillance-implications-of-web-tracking/https://freedom-to-tinker.com/?p=9732Fri, 04 Apr 2014 06:30:00 -0400http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D9732Watching the Watchers: Eerie, Playful Webcam Portraits by Jens Sundheimhttp://lightbox.time.com/2014/04/02/eerie-playful-security-camera-photos/http://lightbox.time.com/?p=90741Wed, 02 Apr 2014 13:04:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D90741Secure protocols for accountable warrant executionhttps://freedom-to-tinker.com/blog/felten/secure-protocols-for-accountable-warrant-execution/https://freedom-to-tinker.com/?p=9708Wed, 02 Apr 2014 07:22:00 -0400<p>Last week the press <a href="http://www.nytimes.com/2014/03/25/us/obama-to-seek-nsa-curb-on-call-data.html"> reported</a> that the White House will seek to redesign the NSA&#8217;s mass phone call data program, so that data will be held by the phone companies and accessed by the NSA, subject to a new warrant requirement. The Foreign Intelligence Surveillance Court will issue the warrants.</p> <p>Today Josh Kroll and I, with colleagues at Stanford University, released a <a href="http://www.cs.princeton.edu/~felten/warrant-paper.pdf">draft paper</a> on how to use cryptography to implement warrants to data in a secure, private, and accountable way. </p> <p>Our solution is a set of multi-party cryptographic protocols involving three primary parties: a data source who has data records, an investigator who wants access to data held by the data source, and a court (or other authorizer) who issues an order or warrant to authorize access to a record. 
For example, a phone company might be the data source, the NSA might be the investigator, and the Foreign Intelligence Surveillance Court might be the court that issues an order. Alternatively, an email provider might be the data source, an FBI agent might be the investigator, and a senior FBI official might act as the &#8220;court&#8221; that issues a National Security Letter. Although we use words like &#8220;court&#8221;, &#8220;order&#8221;, and &#8220;investigator&#8221;, the protocol has wider application to situations where Party A is authorizing Party B to access data held by Party C, with legally defined requirements for access.</p> <p>The protocol uses cryptography to guarantee several security, privacy, and accountability properties:</p> <ul> <li>When the court issues an order, it publishes a sealed version of the order. If challenged later, the court can unseal the order and reveal which record it covered.</li> <li>Until the order is unsealed, only the court and the investigator can see which record the order covers. If and when the order is unsealed, everyone can see which record it covered.</li> <li>The investigator does not learn the contents of any record, unless there is a valid order for that record and the court has published a valid sealed version of that order.</li> </ul> <p>A counterintuitive aspect of our protocols is that an order can be executed, thereby giving the investigator access to the record covered by the order, without the data source necessarily learning (at the time) which record the investigator accessed.</p> <p>These properties can be viewed as a set of checks on the power of the parties, to prevent any dishonest party from getting access to information without leaving a suitable trail. 
When the trail itself is supposed to be secret, the protocol aims for accountability&#8212;for example, the court can issue an unjustified order but the court must commit to the order so that the violation will be uncovered if the court&#8217;s actions are challenged later.</p> <p>Our paper gives more precise definitions of the desired properties, how the protocols work, and why the protocols achieve the desired properties. We build on the work of previous researchers, as cited in our paper, and we present several versions of the protocol, with different security properties.</p> <p>Our approach is feasible, even for very large data sets. Our paper describes our work on implementing one of our more advanced protocols, and we show by experiment that the protocol is reasonably fast even for data sets of national scope. We have released the <a href="http://www.cs.princeton.edu/~felten/warrant-benchmark.tar.gz">code</a> we used to do these performance measurements.</p> <p>We are releasing this paper now because there are important debates going on about how to organize lawful access to data by intelligence agencies. We want to make the point that technology allows these processes to be both more secure and more accountable. </p> <p>We urge policymakers to consider how cryptography can make warrant regimes more secure for all parties, and more accountable. Expert agencies within government, such as NIST, might provide input on these issues, in consultation with experts inside and outside of government.</p>http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D9708Odd NTP Attackhttp://www.prolixium.com/blog?id=1002http://www.prolixium.com/blog?id=1002Sat, 22 Mar 2014 20:19:00 -0400<p>We've all heard about the recent NTP reflection attacks. 
Last night I noticed a higher-than-normal traffic volume on <a href="http://www.prolixium.com/computers#nox">nox</a>, so I checked it out with tcpdump:</p> <p><em>Note, the first and second octets have been anonymized to protect the victim.</em></p> <pre>21:07:07.999600 IP &gt; NTPv3, Client, length 48 21:07:07.999608 IP &gt; NTPv3, Client, length 48 21:07:07.999617 IP &gt; NTPv3, Client, length 48 21:07:07.999625 IP &gt; NTPv3, Client, length 48 21:07:07.999712 IP &gt; NTPv3, Client, length 48 21:07:07.999722 IP &gt; NTPv3, Client, length 48 21:07:07.999730 IP &gt; NTPv3, Client, length 48</pre> <p>Yes, nox is a public NTP server. It's a member of the <a href="http://www.pool.ntp.org/">NTP Pool Project</a>. No, it's not susceptible to an NTP reflection attack. It looks like some poor soul at (looked like a SonicWALL when I poked around) was being attacked and the traffic above was being spoofed with the intention of having my server send back a reply that's much larger than the request. Here's a decode of one of the packets:</p> <pre>21:07:07.772681 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto UDP (17), length 76) &gt; [udp sum ok] NTPv3, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10s, precision -19 Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3604450027.692652940 (2014/03/21 21:07:07) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3604450027.692652940 (2014/03/21 21:07:07)</pre> <p>What's odd about this is the packet above looks like just a normal NTP query. Unlike most of the NTP reflection attacks that exploit the <em>monlist</em> or similar commands, this wasn't really going to have the desired effect. 
And, of course, if you look at the initial (before I blocked that source address with iptables) traffic volume, it certainly did not:</p> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/mynews/nox-ntp-attack-20140322.png" title="MRTG" alt="MRTG" /></p> <p>The desired effect, of course, should have been an outbound traffic volume that was greater than the inbound traffic volume, or amplified. In this case, my server was just sending back a 48 byte packet for every 48 byte packet coming in, albeit apparently slightly ratelimited by the NTP daemon.</p> <p>Was this a misconfigured DDoS bot? Did the attacker really not know what he or she was doing or missed <em>DDoS 101</em>? Or, was this traffic not actually spoofed and was a result of some broken NTP client? Maybe.</p> <p>Regardless, if this wasn't a misconfigured NTP client, <a href="http://tools.ietf.org/html/bcp38">BCP 38</a> would have prevented this from happening to begin with. I don't know where the traffic was originating, but I do know that it was from a network that probably doesn't implement BCP 38.</p> <p>Anyway, I thought this was a little odd so I figured I would share.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.prolixium.com%2Ffeed%3Fwhat%3Dmynews&entry=http%3A%2F%2Fwww.prolixium.com%2Fblog%3Fid%3D1002Why are there any long-term unemployed people? Or any unemployed people at all?http://blogs.law.harvard.edu/philg/2014/03/20/why-are-there-any-long-term-unemployed-people-or-any-unemployed-people-at-all/http://blogs.law.harvard.edu/philg/?p=5753Thu, 20 Mar 2014 16:32:00 -0400<p>Folks:</p> <p>Today&#8217;s New York Times has <a href="http://economix.blogs.nytimes.com/2014/03/20/unemployed-you-might-never-work-again/?_php=true&amp;_type=blogs&amp;hp&amp;_r=0">an article</a> about how long-term unemployed Americans may never work again. 
And they say that this may be due in part to employers discriminating against people whose resumes say &#8220;unemployed&#8221; or &#8220;big gap&#8221;. This raises the question of why there are any such resumes.</p> <p>I know a lot of people who are not working productively. They call themselves &#8220;entrepreneurs&#8221; and say that they are pulling together a startup. For about $500 they can even create an LLC so that their resume says &#8220;2013-present Big New Idea LLC: Founder and CTO&#8221; or whatever. That after a year or two their startup has not succeeded will not be held against them by a potential employer. After all, most startups fail or fizzle.</p> <p>A friend&#8217;s daughter was trying to get her first job. Employers didn&#8217;t want to hire her because she had no work experience or references. So I edited her resume to say &#8220;Jane Smith Landscaping&#8221; [not her real name!], hired her to do some yard work, and put my name and phone number down as a reference. Having planted some daffodil bulbs, she went to her next interview as a self-employed person looking for an indoor job for the winter. 
She was hired.</p> <p>Given that almost anyone can find work doing landscaping and call themselves a landscaping contractor, taking care of children and call themselves the founder of a child care center, etc., why are there resumes that say &#8220;I am unemployed.&#8221; If it is known that employers don&#8217;t like to hire the unemployed, why is anyone wearing a label that is essentially self-applied?</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D5753Law enforcement in the United States: Armed and dangeroushttp://www.economist.com/news/leaders/21599359-no-knock-raids-assault-weapons-and-armoured-cars-americas-police-use-paramilitary-tactics-too?fsrc=rss%7Cleahttp://www.economist.com/news/leaders/21599359-no-knock-raids-assault-weapons-and-armoured-cars-americas-police-use-paramilitary-tactics-tooThu, 20 Mar 2014 12:01:00 -0400<p><div> <img src="http://cdn.static-economist.com/sites/default/files/imagecache/full-width/images/print-edition/20140322_LDP003_0.jpg" alt="" title="" width="595" height="335" /> </div>EARLY one morning a team of heavily armed police officers burst into the home of Eugene Mallory, an 80-year-old retired engineer in Los Angeles county. What happened next is unclear. The officer who shot Mr Mallory six times with a submachine gun says he was acting in self-defence&#8212;Mr Mallory also had a gun, though he was in bed and never fired it. Armed raids can be confusing: according to an investigation, the policeman initially believed that he had ordered Mr Mallory to &#8220;Drop the gun&#8221; before opening fire. However, an audio recording revealed that he said these words immediately after shooting him. Mr Mallory died. His family are suing the police. Such tragedies are too common in America. One reason is that the police have become more militarised. 
Raids by Special Weapons and Tactics (SWAT) units used to be rare: according to Peter Kraska of Eastern Kentucky University there were only about 3,000 a year in the early 1980s. Now they are routine: perhaps 50,000 a year (see <a href="http://www.economist.com/news/united-states/21599349-americas-police-have-become-too-militarised-cops-or-soldiers" rel="nofollow">article</a>). These teams, whose members wear body armour...</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.economist.com%2Ffeeds%2Fprint-sections%2F69%2Fleaders.xml&entry=http%3A%2F%2Fwww.economist.com%2Fnews%2Fleaders%2F21599359-no-knock-raids-assault-weapons-and-armoured-cars-americas-police-use-paramilitary-tactics-too'Weev' attempts to overturn AT&amp;T iPad 'hack' convictionhttp://go.theregister.com/feed/www.theregister.co.uk/2014/03/20/weev_ipad_hack_appeal/tag:theregister.co.uk,2005:story/2014/03/20/weev_ipad_hack_appeal/Thu, 20 Mar 2014 11:56:00 -0400<h4>Insecure servers are publicly accessible, argue defence lawyers</h4> <p>Lawyers for Andrew "Weev" Auernheimer went to court on Wednesday to appeal his conviction in a high-profile iPad data leak case.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F03%2F20%2Fweev_ipad_hack_appeal%2FWhy is there any income limit on overtime regulations?http://blogs.law.harvard.edu/philg/2014/03/17/why-is-there-any-income-limit-on-overtime-regulations/http://blogs.law.harvard.edu/philg/?p=5731Mon, 17 Mar 2014 18:52:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D5731Feinstein: CIA searched Intelligence Committee 
computershttp://feeds.washingtonpost.com/c/34656/f/636630/s/380c1a66/sc/1/l/0L0Swashingtonpost0N0Cworld0Cnational0Esecurity0Cfeinstein0Ecia0Esearched0Eintelligence0Ecommittee0Ecomputers0C20A140C0A30C110C982cbc2c0Ea9230E11e30E85990Ece7295b6851c0Istory0Bhtml0Dwprss0Frss0Inational0Esecurity/story01.htmhttp://www.washingtonpost.com/world/national-security/feinstein-cia-searched-intelligence-committee-computers/2014/03/11/982cbc2c-a923-11e3-8599-ce7295b6851c_story.html?wprss=rss_national-securityTue, 11 Mar 2014 11:43:00 -0400<p>The head of the Senate Intelligence Committee on Tuesday sharply accused the CIA of violating federal law and undermining the constitutional principle of congressional oversight as she detailed publicly for the first time how the agency secretly removed documents from computers used by her panel to investigate a controversial interrogation program.</p> <a href="http://www.washingtonpost.com/world/national-security/feinstein-cia-searched-intelligence-committee-computers/2014/03/11/982cbc2c-a923-11e3-8599-ce7295b6851c_story.html?wprss=rss_national-security">Read full article &#62;&#62;</a>http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.washingtonpost.com%2Frss%2Fworld%2Fnational-security&entry=http%3A%2F%2Fwww.washingtonpost.com%2Fworld%2Fnational-security%2Ffeinstein-cia-searched-intelligence-committee-computers%2F2014%2F03%2F11%2F982cbc2c-a923-11e3-8599-ce7295b6851c_story.html%3Fwprss%3Drss_national-security