We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.
322 comments | 2 days ago
kwelch007 writes I commonly work in a clean-room (CR.) As such, I commonly need access to my smart-phone for various reasons while inside the CR...but, I commonly keep it in my front pocket INSIDE my clean-suit. Therefore, to get my phone out of my pocket, I have to leave the room, get my phone out of my pocket, and because I have a one track mind, commonly leave it sitting on a table or something in the CR, so I then have to either have someone bring it to me, or suit back up and go get it myself...a real pain. I have been looking in to getting a 'Smart Watch' (I'm preferential to Android, but I know Apple has similar smart-watches.) I would use a smart-watch as a convenient, easy to transport and access method to access basic communications (email alerts, text, weather maps, etc.) The problem I'm finding while researching these devices is, I'm not finding many apps. Sure, they can look like a nice digital watch, but I can spend $10 for that...not the several hundred or whatever to buy a smart-watch. What are some apps I can get? (don't care about platform, don't care if they're free) I just want to know what's the best out there, and what it can do? I couldn't care less about it being a watch...we have these things called clocks all over the place. I need various sorts of data access. I don't care if it has to pair with my smart-phone using Bluetooth or whatever, and it won't have to be a 100% solution...it would be more of a convenience that is worth the several hundred dollars to me. My phone will never be more than 5 feet away, it's just inconvenient to physically access it. Further, I am also a developer...what is the best platform to develop for these wearable devices on, and why? Maybe I could make my own apps? Is it worth waiting for the next generation of smart-watches?
219 comments | 2 days ago
Trailrunner7 writes with this news from ThreatPost: Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised." (Here's ICANN's public note on the compromise.)
110 comments | 2 days ago
retroworks writes Motherboard.vice offers an interesting scoop from the hacked Sony Pictures email trove. A plan championed by Polish marketing employee Magda Mastalerz was to upload false versions of highly-pirated Sony programming, effectively polluting torrent sites with false positives. For example, a "Hannibal"-themed anti-piracy ad to popular torrent sites disguised as the first episode. Sony Pictures legal department quashed the idea, saying that if pirate sites were illegal, it would also be illegal for Sony Pictures to upload onto them. There were plans in WW2 to drop phony counterfeit currency to disrupt markets, and I wonder why flooding underground markets with phony products isn't widespread. Why don't credit card companies manufacture fake lists of stolen credit card numbers, or phony social security numbers, for illegal trading sites? For that matter, would fake ivory, fake illegal porn, and other "false positives" discourage buyers? Or create alibis?
130 comments | 5 days ago
cpt kangarooski writes: Information has come to light (thanks to the recent Sony hack) that the MPAA and six major studios are pondering the legal actions available to them to compel an entity referred to as 'Goliath,' most likely Google, into taking aggressive anti-piracy action on behalf of the entertainment industry. The MPAA and member studios Universal, Sony, Fox, Paramount, Warner Bros., and Disney have had lengthy email discussions concerning how to block pirate sites at the ISP level, and how to take action at the state level to work around the failure of SOPA in 2012. Emails also indicate that they are working with Comcast (which owns Universal) on some form of traffic inspection to find copyright infringements as they happen.
176 comments | about a week ago
msm1267 writes A researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that put email message content, contact information and much more at risk. The researcher said the weakness is relatively simple to exploit and puts users at high risk for data loss, identity theft, and more. Yahoo has patched one issue related to a specific .swf file hosted on Yahoo's content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin. While the patch fixed this specific issue, the larger overall configuration issue remains, meaning that other vulnerable .swf files hosted outside the Yahoo CDN and on another Yahoo subdomain could be manipulated the same way.
49 comments | about two weeks ago
itwbennett writes Facebook has made several acquisitions over the years to help advertisers target their ads and extend their reach. Custom Audiences is one such targeting tool, allowing retailers to match shoppers in their stores with their accounts on Facebook. It's often done through an email address, phone number or name. Facebook won't give hard numbers, but there seems to be a lot of matching going on. For decades, marketers have been trying to understand more about what's happening at the point of sale, 'so their systems are really robust at capturing a strikingly large amount of transactions,' says Brian Boland, Facebook's VP of advertising technology.
69 comments | about two weeks ago
Jason Baker writes Can you really trust your email provider? And even if you self-host your email server, can you really trust its security if you can't see the code? Over on Opensource.com, Olivier Thierry makes three cases for using open source to power your email solution: The power of numbers, the value of trust, and the importance of leverage.
73 comments | about two weeks ago
MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."
184 comments | about two weeks ago
HughPickens.com writes: Ju-Min Park and James Pearson report at Reuters that despite its poverty and isolation, North Korea has poured resources into a sophisticated cyber-warfare cell called Bureau 121, staffed by some of the most talented, and rewarded, people in North Korea, handpicked and trained from as young as 17. "They are handpicked," says Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004. "It is a great honor for them. It is a white-collar job there and people have fantasies about it." The hackers in Bureau 121 were among the 100 students who graduate from the University of Automation each year after five years of study. Over 2,500 apply for places at the university, which has a campus in Pyongyang, behind barbed wire.
According to Jang Se-yul, who studied with them at North Korea's military college for computer science, the Bureau 121 unit comprises about 1,800 cyber-warriors, and is considered the elite of the military. As well as having salaries far above the country's average, they are often gifted with good food, luxuries and even apartments. According to John Griasafi, this kind of treatment could be expected for those working in the elite Bureau. "You'd have to be pretty special and well trusted to even be allowed on email in North Korea so I have no doubt that they are treated well too." Pyongyang has active cyber-warfare capabilities, military and software security experts have said. In 2013, tens of thousands of computers were made to malfunction, disrupting work at banks and television broadcasters in South Korea. "In North Korea, it's called the Secret War," says Jang.
102 comments | about two weeks ago
The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks. "Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."
148 comments | about two weeks ago
An anonymous reader writes that the recent IP advisor to Prime Minister David Cameron has laid some of the blame for the recent Sony hack at the feet of ISPs. Meanwhile, it's reported that Sony is close to officially blaming North Korea. As the fallout from the Sony hack continues, who is to blame for the leak of movies including Fury, which has been downloaded a million times? According to the UK Prime Minister's former IP advisor, as 'facilitators' web-hosts and ISPs must step up and take some blame. Mike Weatherley MP, the recent IP advisor to Prime Minister David Cameron, has published several piracy reports including one earlier in the year examining the advertising revenue on pirate sites. He believes that companies with no direct connection to the hack or subsequent leaks should shoulder some blame. 'Piracy is a huge international problem. The recent cyber-attack on Sony and subsequent release of films to illegal websites is just one high-profile example of how criminals exploit others' Intellectual Property,' Weatherley writes in an email to TF. 'Unfortunately, the theft of these films – and their subsequent downloads – has been facilitated by web-hosting companies and, ultimately, ISPs who do have to step-up and take some responsibility.' Weatherley doesn't provide detail on precisely why web-hosts and ISPs should take responsibility for the work of malicious hackers (possibly state-sponsored) and all subsequent fall out from attacks. The theory is that 'something' should be done, but precisely what remains elusive."
216 comments | about two weeks ago
An anonymous reader writes Three Inbox by Gmail engineers today answered questions as part of a Reddit AMA session. Most of the answers were tidbits we've heard of before, but one stood out to us: Google plans to eventually replace Gmail with Inbox. In response to the question "Do you think Inbox will replace Gmail on the long road?," lead designer Jason Cornwell gave the following answer: "In the short term, no. In the very long term, we hope so. Inbox is something new — that's why we're launching it as a separate product. We care deeply about Gmail and Gmail users, but in the long run as we add more features to Inbox and respond to user feedback we hope that everyone will want to use Inbox instead of Gmail. Ultimately, our users will decide." The followup question asks how Google believed one email product possibly target both casual (Gmail) and power (Inbox) users, to which Cornwell replied: "They are not aimed at fundamentally different audiences. Both Gmail and Inbox are designed to scale from low volume to high volume users."
239 comments | about two weeks ago
chicksdaddy writes Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.
37 comments | about three weeks ago
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
92 comments | about a month ago
coondoggie writes: The U.S. Marshals office says it will auction off almost 50,000 bitcoins (about $20 million worth) seized from alleged Silk Road creator Ross Ulbricht. The auction, which is the second sale of Silk Road's bitcoin collection, will take place during a 6-hour period on Dec. 4 from 8:00 a.m. until 2:00 p.m. EST. Bids will be accepted by email from pre-registered bidders only, the U.S. Marshals office said. In June more than $17 million in bitcoins seized from the Silk Road take-down were auctioned off.
119 comments | about a month ago
Bennett Haselton writes: My last article garnered some objections from readers saying that the sample sizes were too small to draw meaningful conclusions. (36 out of 47 survey-takers, or 77%, said that a picture of a black woman breast-feeding was inappropriate; while in a different group, 38 out of 54 survey-takers, or 70%, said that a picture of a white woman breast-feeding was inappropriate in the same context.) My conclusion was that, even on the basis of a relatively small sample, the evidence was strongly against a "huge" gap in the rates at which the surveyed population would consider the two pictures to be inappropriate. I stand by that, but it's worth presenting the math to support that conclusion, because I think the surveys are valuable tools when you understand what you can and cannot demonstrate with a small sample. (Basically, a small sample can present only weak evidence as to what the population average is, but you can confidently demonstrate what it is not.) Keep reading to see what Bennett has to say.
246 comments | about a month ago
Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. “This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system,” said one senior State Department official, adding that the department expected its systems to be up soon. ....The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after “activity of concern” was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.
54 comments | about a month ago
New submitter hawkbug writes For the past 15 years, I have hosted my own email server at home and it's been pretty painless. I had always used a local Denver ISP on a single static IP. Approximately two years ago, I switched to a faster connection, which now is hosted on Comcast. They provide me 5 static IPs and much faster speeds. It's a business connection with no ports blocked, etc. It has been mostly fine these last two years, with the occasional outage due to typical Comcast issues. About two weeks ago, I came across a serious issue. The following email services started rejecting all email from my server: Hotmail, Yahoo, and Gmail. I checked, and my IP is not on any real time blacklists for spammers, and I don't have any security issues. My mail server is not set as an open relay, and I use SPF records and pass all SPF tests. It appears that all three of those major email services started rejecting email from me based on a single condition: Comcast. I can understand the desire to limit spam — but here is the big problem: I have no way to combat this. With Gmail, I can instruct users to flag my emails as "not spam" because the emails actually go through, but simply end up in the spam folder. Yahoo and Hotmail on the other hand, just flat out reject the traffic at lower level. They send rejection notices back to my server that contain "tips" on how to make sure I'm not an open relay, causing spam, etc. Since I am not doing any of those things, I would expect some sort of option to have my IP whitelisted or verified. However, I can not find a single option to do so. The part that bugs me is that this happened two weeks ago with multiple major email services. Obviously, they are getting anti-spam policies from a central location of some kind. I don't know where. If I did, I could possibly go after the source and try to get my IP whitelisted. When I ask my other tech friends what they would do, they simply suggest changing ISPs. Nobody likes Comcast, but I don't have a choice here. I'm two years into a three-year contract. So, moving is not an option. Is there anything I can do to remedy this situation?
405 comments | about a month ago
theodp writes: The Duke Chronicle published an e-mail reportedly sent to hundreds of Duke students who took Computer Science 201 (Data Structures & Algorithms) last spring, giving those who copied solutions to class problems until Nov. 12th to turn themselves in for cheating. "Students who have violated course policies but do not step forward by November 12, 2014," warns the e-mail, "will not be offered faculty-student resolution and will be referred to the Office of Student Conduct for disciplinary processes without any recommendation for leniency." The Chronicle adds that CS Prof Owen Astrachan, co-director of undergraduate studies, admitted that there is a fine line between collaboration and cheating in computer science — online and in person, although Astrachan made it clear in comments that "Students who copied code from the Internet are in violation of the community standard and course policies."
320 comments | about a month ago