Slashdot: News for Nerds


  • Hackers Plundered Israeli Defense Firms That Built 'Iron Dome' Missile Defense

    An anonymous reader writes: Brian Krebs reports on information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. The attackers were seeking technical documents related to Iron Dome, Israel's air defense system. "IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. ... Once inside the IAI’s network, [the attackers] spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network. All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI." Most of the stolen material pertained to Arrow III missiles, UAVs, and ballistic rockets.

    159 comments | yesterday

  • Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

    hypnosec (2231454) writes to point out a pointed critique from Linus Torvalds of GCC 4.9.0, after a random panic was discovered in a load balance function in Linux 3.16-rc6. In an email to the Linux kernel mailing list outlining two separate but possibly related bugs, Linus describes the compiler as "terminally broken," and worse ("pure and utter sh*t," only with no asterisk). A slice: "Lookie here, your compiler does some absolutely insane things with the spilling, including spilling a *constant*. For chrissake, that compiler shouldn't have been allowed to graduate from kindergarten. We're talking "sloth that was dropped on the head as a baby" level retardation levels here .... Anyway, this is not a kernel bug. This is your compiler creating completely broken code. We may need to add a warning to make sure nobody compiles with gcc-4.9.0, and the Debian people should probably downgrade their shiny new compiler."

    711 comments | 3 days ago

  • The Psychology of Phishing

    An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell apart spam annoyances from useful email; however, they still find it difficult to identify phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context, a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?

    128 comments | about a week ago

  • Privacy Lawsuit Against Google Rests On Battery Drain Claims

    Jason Koebler writes: According to plaintiffs in a class-action lawsuit against Google, personal information about you and your browsing, email, and app-using habits that is regularly sent between apps on your Android phone is harming your battery life. As odd as it sounds, this minor yet demonstrable harm is what will allow their lawsuit to go forward. A federal judge ruled that the claim "requires a heavily and inherently fact-bound inquiry." That means there's a good chance we're about to get a look into the ins and outs of Google's advertising backbone: what information is shared with whom, and when.

    175 comments | about a week ago

  • Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be

    Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.

    290 comments | about two weeks ago

  • New York Judge OKs Warrant To Search Entire Gmail Account

    jfruh writes While several U.S. judges have refused overly broad warrants that sought to grant police access to a suspect's complete Gmail account, a federal judge in New York State OK'd such an order this week. Judge Gabriel W. Gorenstein argued that a search of this type was no more invasive than the long-established practice of granting a warrant to copy and search the entire contents of a hard drive, and that alternatives, like asking Google employees to locate messages based on narrowly tailored criteria, risked excluding information that trained investigators could locate.

    150 comments | about two weeks ago

  • Australian Website Waits Three Years To Inform Customers of Data Breach

    AlbanX (2847805) writes Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit cards issuers, but didn't tell the Privacy Commissioner or customers until July 18th.

    35 comments | about two weeks ago

  • Microsoft CEO To Slash 18,000 Jobs, 12,500 From Nokia To Go

    DW100 (2227906) writes "Satya Nadella has taken an axe to Microsoft's 127,000-strong workforce by announcing a whopping 18,000 job cuts, including 12,500 from the recently integrated Nokia division. At least 13,000 jobs will go within the next six months." It's official, Ballmer's layoff record has been smashed. From the email sent to employees: "The first step to building the right organization for our ambitions is to realign our workforce. With this in mind, we will begin to reduce the size of our overall workforce by up to 18,000 jobs in the next year. Of that total, our work toward synergies and strategic alignment on Nokia Devices and Services is expected to account for about 12,500 jobs, comprising both professional and factory workers. We are moving now to start reducing the first 13,000 positions, and the vast majority of employees whose jobs will be eliminated will be notified over the next six months."

    383 comments | about two weeks ago

  • Sony Forgets To Pay For Domain, Hilarity Ensues

    First time accepted submitter Dragoness Eclectic writes Early Tuesday, gamers woke up to find out that they couldn't log in to any Sony Online Entertainment games--no Everquest, no Planetside 2, none of them. Oddly, the forums where company reps might have posted some explanation weren't reachable, either. A bit of journalistic investigation by EQ2Wire came across the explanation: SOE forgot to renew the domain registration on SonyOnline.net, the hidden domain that holds all their nameservers. After 7 weeks of non-payment post-expiration, NetworkSolutions reclaimed the domain, sending all access to Sony's games into an internet black hole. Sony has since paid up. SOE's president, John Smedley, has admitted that the expiration notices were being sent to an "unread email" address.

    277 comments | about two weeks ago

  • Apple and IBM Announce Partnership To Bring iOS + Cloud Services To Enterprises

    jmcbain writes: According to an article on Recode, Apple and IBM have announced a major partnership to bring mobile services to enterprise customers. "The deal calls for IBM and Apple to develop more than 100 industry-specific applications that will run on the iPhone and iPad. Apple will add a new class of service to its AppleCare program and support aimed at enterprise customers. IBM will also begin to sell iPhones and iPads to its corporate customers and will devote more than 100,000 people, including consultants and software developers, to the effort. Enterprise applications will in many cases run on IBM's cloud infrastructure or on private clouds that it has built for its customers. Data for those applications will co-exist with personal data like photos and personal email that will run on Apple's iCloud and other cloud services."

    126 comments | about two weeks ago

  • Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On

    Advocatus Diaboli (1627651) writes The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans — including a political candidate and several civil rights activists, academics, and lawyers — under secretive procedures intended to target terrorists and foreign spies. From the article: "The individuals appear on an NSA spreadsheet in the Snowden archives called 'FISA recap.' Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also 'are or may be' engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. ... The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments."

    223 comments | about three weeks ago

  • DC Entertainment Won't Allow Superman Logo On Murdered Child's Memorial Statue

    An anonymous reader writes Jeffrey Baldwin was essentially starved to death by his grandparents. Funds had been raised to build a monument for Jeffrey in Toronto. The monument was designed to feature Jeffrey in a Superman costume, and even though Superman should be public domain, DC Comics has denied the request. "The request to DC had been made by Todd Boyce, an Ottawa father who did not know the Baldwin family. Boyce was so moved by the testimony at the coroner’s inquest into Jeffrey’s death last year that he started an online fundraising campaign for the monument. DC’s senior vice-president of business and legal affairs, Amy Genkins, told Boyce in an email that 'for a variety of legal reasons, we are not able to accede to the request, nor many other incredibly worthy projects that come to our attention.'... For Boyce, it was a huge blow, as he felt the Superman aspect was a crucial part of the bronze monument, which will include a bench. The coroner’s inquest heard from Jeffrey’s father that his son loved to dress up as Superman."

    249 comments | about three weeks ago

  • New Russian Law To Forbid Storing Russians' Data Outside the Country

    TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.

    206 comments | about three weeks ago

  • Goldman Sachs Demands Google Unsend One of Its E-mails

    rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs' system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."

    346 comments | about a month ago

  • Microsoft Opens 'Transparency Center' For Governments To Review Source Code

    MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.

    178 comments | about a month ago

  • Lawrence Lessig Answers Your Questions About His Mayday PAC, Part 2 (Video)

    The original Mayday PAC goal was to raise $1 million. Now Larry is working on a second -- and more ambitious -- goal: To raise $5 million by July 4. We called for your questions on June 23, and you sent a bunch of them. This time, instead of using email, we used Google Hangout to ask via video, with an attached transcript for those who can't or won't watch the video. In today's video, Larry tells us that some of the impetus for Mayday PAC came from the late Aaron Swartz, and goes deeper into the group's goals and hopes than he did in yesterday's video. (Alternate Video Link)

    42 comments | about a month ago

  • Supreme Court Rejects Appeal By Google Over Street View Data Collection

    An anonymous reader writes "The U.S. Supreme Court declined to throw out a class-action lawsuit against Google for sniffing Wi-Fi networks with its Street View cars. The justices left intact a federal appeals court ruling that the U.S. Wiretap Act protects the privacy of information on unencrypted in-home Wi-Fi networks. Several class-action lawsuits were filed against Google shortly after the company acknowledged that its Street View cars were accessing email, web history and other data on unencrypted Wi-Fi networks. A Google spokesman said the company was disappointed that the Supreme Court had declined to hear the case."

    113 comments | about a month ago

  • Lawrence Lessig Answers Your Questions About His Mayday PAC (Video)

    We've mentioned this interesting PAC more than once, including when Steve Wozniak endorsed it. The original Mayday PAC goal was to raise $1 million. Now Larry is working on a second -- and more ambitious -- goal: To raise $5 million by July 4. We called for your questions on June 23, and got a bunch of them. This time, instead of asking via email, we used Google Hangout to ask via video. Here's a quote from the Mayday website: "We are a crowdfunded Super PAC to end all Super PACs. Ironic? Yes. Embrace the irony. We’re kickstarting a Super PAC big enough to make it possible to win a Congress committed to fundamental reform by 2016. We set fundraising goals and then crowdfund those goals." Check the Mayday About page and you'll see that a whole bunch of Internet and coding luminaries are on board. You may also notice that they span the political spectrum; this is totally not a partisan effort. | Another quote from the website: "Wealthy funders are holding our democracy hostage. We want to pay the ransom and get it back." Is this an achievable goal? We'll never know if we don't try. | This is Part 1 of a 2-part video. (Alternate Video Link) Update: 07/02 23:42 GMT by T : Here's a link to part 2 of the video, too.

    148 comments | about a month ago

  • Microsoft Suspending "Patch Tuesday" Emails

    New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.

    145 comments | about a month ago

  • Make a Date With Fraud

    Rambo Tribble (1273454) writes "Netcraft is reporting that criminals are mounting massive phishing attacks through online dating sites. The scams are numerous and target multiple sites. Actual methods range from blackmail to 419-style scams. Characteristically, fraudsters hijack an existing account on one of the services, then use that as a portal to deliver a PHP script to compromise the site. 'The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses.' The BBC offers additional insights."

    61 comments | about a month ago
