Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

  • Critical XSS Flaws Patched In WordPress and Popular Plug-In

    itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

    30 comments | 8 hours ago

  • Top NSA Official Raised Alarm About Metadata Program In 2009

    An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

    The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history.

    95 comments | yesterday

  • Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

    theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process."

    159 comments | yesterday

  • Microsoft Rolls Out Robot Security Guards

    An anonymous reader writes: Microsoft is testing a group of five robot security guards. They contain a sophisticated sensor suite that includes 360-degree HD video, thermal imaging, night vision, LIDAR, and audio recorders. They can also detect various chemicals and radiation signatures, and do some rudimentary behavioral analysis on people they see. (And they look a bit like Daleks.) The robots are unarmed, so we don't have to worry about a revolt just yet, but they can sound an alarm and call for human officers. They weigh about 300 lbs each, can last roughly a day on a battery charge, and know to head to the charging station when they're low on power.

    136 comments | yesterday

  • Greenwald Advises Market-Based Solution To Mass Surveillance

    Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

    143 comments | yesterday

  • Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

    An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the projects founder ups and runs away with all of the communities coins; cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)

    45 comments | 2 days ago

  • Amnesty International Releases Tool To Combat Government Spyware

    New submitter Gordon_Shure_DOT_com writes Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.

    94 comments | 2 days ago

  • Android Botnet Evolves, Could Pose Threat To Corporate Networks

    angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.

    54 comments | 2 days ago

  • Blowing On Money To Tell If It Is Counterfeit

    HughPickens.com writes Scientific American reports that simply breathing on money could soon reveal if it's the real deal or counterfeit thanks to a photonic crystal ink developed by Ling Bai and Zhongze Gu and colleagues at Southeast University in Nanjing, China that can produce unique color changing patterns on surfaces with an inkjet printer system which would be extremely hard for fraudsters to reproduce. The ink mimics the way Tmesisternus isabellae – a species of longhorn beetle – reversibly switches its color from gold to red according to the humidity in its environment. The color shift is caused by the adsorption of water vapor in their hardened front wings, which alters the thickness and average refractive index of their multilayered scales. To emulate this, the team made their photonic crystal ink using mesoporous silica nanoparticles, which have a large surface area and strong vapor adsorption capabilities that can be precisely controlled. The complicated and reversible multicolor shifts of mesoporous CPC patterns are favorable for immediate recognition by naked eyes but hard to copy. "We think the ink's multiple security features may be useful for antifraud applications," says Bai, "however we think the technology could be more useful for fabricating multiple functional sensor arrays, which we are now working towards."

    111 comments | 2 days ago

  • Court Shuts Down Alleged $120M Tech Support Scam

    wiredmikey writes A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

    According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated.

    124 comments | 2 days ago

  • Martin Jetpack Closer To Takeoff In First Responder Applications

    Zothecula writes Last year's redesign of the long-awaited Martin Jetpack was accompanied by plans to begin commercial sales in 2014, starting with emergency response services and individual sales to follow thereafter. The release date for the first responder Jetpack has since been revised to 2016, a prediction bolstered by the fresh announcement of a partnership between Martin Aircraft Company and US company Avwatch to develop air-based, first responder solutions for the US Department of Homeland Security and Department of Defense.

    53 comments | 2 days ago

  • Republicans Block Latest Attempt At Curbing NSA Power

    Robotron23 writes: The latest attempt at NSA reform has been prevented from passage in the Senate by a margin of 58 to 42. Introduced as a means to stop the NSA collecting bulk phone and e-mail records on a daily basis, the USA Freedom Act has been considered a practical route to curtailment of perceived overreach by security services, 18 months since Edward Snowden went public. Opponents to the bill said it was needless, as Wall Street Journal raised the possibility of terrorists such as ISIS running amok on U.S. soil. Supporting the bill meanwhile were the technology giants Google and Microsoft. Prior to this vote, the bill had already been stripped of privacy protections in aid of gaining White House support. A provision to extend the controversial USA Patriot Act to 2017 was also appended by the House of Representatives.

    424 comments | 3 days ago

  • Chrome 39 Launches With 64-bit Version For Mac OS X and New Developer Features

    An anonymous reader writes "Google today released Chrome 39 for Windows, Mac, and Linux. The biggest addition in this release is 64-bit support for OS X, which first arrived in Chrome 38 beta. Unlike on Windows, where 32-bit and 64-bit versions will both continue to be available (users currently have to opt-in to use the 64-bit release), Chrome for Mac is now only available in 64-bit. There are also a number of security fixes and developer features. Here's the full changelog.

    65 comments | 3 days ago

  • Microsoft Releases Out-of-Band Security Patch For Windows

    mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.

    170 comments | 3 days ago

  • State Department Joins NOAA, USPS In Club of Hacked Federal Agencies

    Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. “This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system,” said one senior State Department official, adding that the department expected its systems to be up soon. ....The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after “activity of concern” was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.

    54 comments | 5 days ago

  • FreeBSD 10.1 Released

    An anonymous reader writes Version 10.1 of the venerable FreeBSD operating system has been released. The new version of FreeBSD offers support for booting from UEFI, automated generation of OpenSSH keys, ZFS performance improvements, updated (and more secure) versions of OpenSSH and OpenSSL and hypervisor enhancements. FreeBSD 10.1 is an extended support release and will be supported through until January 1, 2017. Adds reader aojensen: As this is the second release of the stable/10 branch, it focuses on improving the stability and security of the 10.0-RELEASE, but also introduces a set of new features including: vt(4) a new console driver, support for FreeBSD/i386 guests on the bhyve hypervisor, support for SMP on armv6 kernels, UEFI boot support for amd64 architectures, support for the UDP-Lite protocol (RFC 3828) support on both IPv4 and IPv6, and much more. For a complete list of changes and new features, the release notes are also available.

    119 comments | about a week ago

  • 81% of Tor Users Can Be De-anonymized By Analysing Router Information

    An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

    136 comments | about a week ago

  • Boeing Readies For First Ever Conjoined Satellite Launch

    Zothecula writes Boeing has successfully joined two of its 702SP satellites in a stacked configuration in preparation for a launch scheduled for early 2015. Aside from being the first involving conjoined satellites, the launch will also put the first satellites to enter service boasting an all-electric propulsion system into orbit. "Designed by Boeing Network & Space Systems and its defense and security advanced prototyping arm, Phantom Works, the 702SP (small platform) satellites are an evolution of the company's 702 satellite. Operating in the low- to mid-power ranges of 3 to 9 kW, instead of chemical propulsion, the satellites boast an all-electric propulsion system that Boeing says minimizes the mass of the spacecraft and maximizes payload capacity."

    67 comments | about a week ago

  • US Gov't Issues Alert About iOS "Masque Attack" Threat

    alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

    98 comments | about a week ago

  • Internet Voting Hack Alters PDF Ballots In Transmission

    msm1267 (2804139) writes Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren't where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called 'Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering' that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.

    147 comments | about a week ago

Slashdot Login

Need an Account?

Forgot your password?