Green Light Or No, Nest Cam Never Stops Watching

chicksdaddy writes: How do you know when the Nest Cam monitoring your house is “on” or “off”? It’s simple: just look at the little power indicator light on the front of the device — and totally disregard what it is telling you. The truth is: the Nest Cam is never “off” despite an effort by Nest and its parent Google to make it appear otherwise. That, according to an analysis of the Nest Cam by the firm ABI Research, which found that turning the Nest Cam “off” using the associated mobile application only turns off the LED power indicator light on the front of the device. Under the hood, the camera continues to operate and, according to ABI researcher Jim Mielke, to monitor its surroundings: noting movement, sound and other activity when users are led to believe it has powered down. Mielke reached that conclusion after analyzing Nest Cam’s power consumption. Typically a shutdown or standby mode would reduce current by as much as 10 to 100 times, Mielke said. But the Google Nest Cam’s power consumption was almost identical in “shutdown” mode and when fully operational, dropping from 370 milliamps (mA) to around 340mA. The slight reduction in power consumption for the Nest Cam when it was turned “off” correlates with the disabling of the LED power light, given that LEDs typically draw 10-20mA. In a statement to The Security Ledger, Nest Labs spokesperson Zoz Cuccias acknowledged that the Nest Cam does not fully power down when the camera is turned off from the user interface (UI). “When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time,” Cuccias wrote in an e-mail. “With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings.” The privacy and security implications are serious. “This means that even when a consumer thinks that he or she is successfully turning off this camera, the device is still running, which could potentially unleash a tidal wave of privacy concerns,” Mielke wrote.

Read more of this story at Slashdot.

Contextual Search Platform Atlas Is Ivy Softworks’ First Spinoff

Atlas remembering flowers Ivy Softworks — a so-called “innovation studio” founded by Napster’s Jordan Ritter in Seattle — is taking the wraps off its first products today. It is launching a contextual information search platform called Atlas; and it’s also unveiling Recall, the first app for the Atlas platform. The launch marks Ivy Softworks’ long-anticipated departure from… Read More

Dell Accused of Installing ‘Superfish-Like’ Rogue Certificates On Laptops

Mickeycaskill writes: Dell has been accused of pre-installing rogue self-signing root certificate authentications on its laptops. A number of users discovered the ‘eDellRoot’ certificate on their machines and say it leaves their machines, and any others with the certificate, open to attack. “Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid,” said Joe Nord, a Citrix product manager who found the certificate on his laptop. It is unclear whether it is Dell or a third party installing the certificate, but the episode is similar to the ‘Superfish’ incident in which Lenovo was found to have installed malware to inject ads onto users’ computers.

Read more of this story at Slashdot.

New IBM Tech Lets Apps Authenticate You Without Personal Data

itwbennett writes: IBM’s Identity Mixer allows developers to build apps that can authenticate users’ identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

Read more of this story at Slashdot.

Facebook ‘Class Action’ Privacy Lawsuit Moves To Austrian Supreme Court

europe vs facebook class action A privacy lawsuit filed against Facebook last year by Viennese lawyer and data privacy activist Max Schrems has moved up to Austria’s Supreme Court which will rule on whether the suit can be treated as a class action. Read More

Whistleblowers: How NSA Created the ‘Largest Failure’ In Its History

An anonymous reader writes: Former NSA whistleblowers contend that the agency shut down a program that could have “absolutely prevented” some of the worst terror attacks in memory. According to the ZDNet story: “Weeks prior to the September 11 terrorist attacks, a test-bed program dubbed ThinThread was shut down in favor of a more expensive, privacy-invasive program that too would see its eventual demise some three years later — not before wasting billions of Americans’ tax dollars. Four whistleblowers, including a congressional senior staffer, came out against the intelligence community they had served, after ThinThread. designed to modernize the agency’s intelligence gathering effort, was cancelled. Speaking at the premier of a new documentary film A Good American in New York, which chronicles the rise and demise of the program, the whistleblowers spoke in support of the program, led by former NSA technical director William Binney.”

Read more of this story at Slashdot.

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what’s happened when the service was initiated 2 years ago — and is still happening now, writes CSO’s Steve Ragan. And that isn’t the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device’s MAC address as a key component of authentication.

Read more of this story at Slashdot.

File Says NSA Found Way To Replace Email Program

schwit1 writes: Newly disclosed documents show that the NSA had found a way to create the functional equivalent of programs that had been shut down. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.
The disclosure comes as a sister program that collects Americans’ phone records in bulk is set to end this month. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.
The newly disclosed information about the email records program is contained in a report by the NSA’s inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons the NSA decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”

Read more of this story at Slashdot.

U.K. Kids Increasingly Credulous Online, Finds Ofcom

teacher with children at computer While there has been high profile U.K. government backing for furnishing the nation’s youth with digital skills in recent years, including a requirement in the English national curriculum to start teaching coding to primary age children, new research from comms industry regulator Ofcom suggests a parallel push to teach kids to be much better critical thinkers in our… Read More

After Paris Attacks, Telegram Purges ISIS Public Content

butcher Pavel Durov 5 In the wake of the recent terrorist attacks in Paris, and amid ongoing operations to catch the perpetrators, with fears of further attacks swirling — secure messaging app Telegram has shuttered a swathe of public channels that it says were being used to broadcast what it dubbed “ISIS-related” content. Read More