
Clarification on the IP Address Security in Dropbox Case

samzenpus posted 1 hour ago | from the read-all-about-it dept.

Privacy 73

Bennett Haselton writes: A judge rules that a county has to turn over the IP addresses that were used to access a county mayor's Dropbox account, stating that there is no valid security-related reason why the IP addresses should be exempt from a public records request. I think the judge's conclusion about IP addresses was right, but the reasoning was flawed; here is a technically more correct argument that would have led to the same answer. Keep reading to see what Bennett has to say about the case.

Auto Industry Teams Up With Military To Stop Car Hacking

Soulskill posted 3 hours ago | from the feel-free-to-stay-on-top-of-that dept.

Transportation 72

An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.

The People Who Are Branding Vulnerabilities

Soulskill posted yesterday | from the it's-marketing-all-the-way-down dept.

Security 59

antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka the clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red-headed stepchildren" — despite the fact that each of these vulns is a critical issue, some are worse than Heartbleed, and all of them needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

Cameron Accuses Internet Companies Of Giving Terrorists Safe Haven

timothy posted yesterday | from the not-quite-on-the-money dept.

United Kingdom 178

An anonymous reader writes with this snippet from The Guardian: "Internet companies are allowing their networks to be used to plot 'murder and mayhem', David Cameron has said in response to the official inquiry into the intelligence agencies' actions ahead of the killing of Lee Rigby. He demanded that internet companies live up to their social responsibilities to report potential terror threats and said there was no reason for such firms to be willing to cooperate with state agencies over child abuse but not over combating terrorism. His comments to the House of Commons came after the parliamentary intelligence and security committee concluded that the brutal murder of Rigby could have been prevented if an internet company had passed on an online exchange in which one of the killers expressed 'in the most graphic terms' his intention to carry out an Islamist jihadi attack."

Sony Pictures Computer Systems Shut Down After Ransomware Hack

Soulskill posted yesterday | from the try-long-enough-and-you-find-a-soft-target dept.

Sony 153

MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

How the Pentagon's Robots Would Automate War

Soulskill posted 2 days ago | from the peace-reigns-when-the-war-servers-are-down-for-scheduled-maintenance dept.

The Military 114

rossgneumann writes: Pentagon officials are worried that the U.S. military is losing its edge compared to competitors like China, and are willing to explore almost anything to stay on top—including creating robots capable of becoming fighting machines. A 72-page document throws detailed light on the far-reaching implications of the Pentagon's plan to monopolize imminent "transformational advances" in biotechnology, robotics and artificial intelligence, information technology, nanotechnology, and energy.

Regin Malware In EU Attack Linked To US and British Intelligence Agencies

samzenpus posted 2 days ago | from the guess-who dept.

Security 124

Advocatus Diaboli writes: The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Google Chrome Will Block All NPAPI Plugins By Default In January

samzenpus posted 2 days ago | from the end-of-the-line dept.

Chrome 107

An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."

DHS Set To Destroy "Einstein" Surveillance Records

samzenpus posted 2 days ago | from the nothing-to-see-here dept.

United States 70

schwit1 sends word that the Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

Book Review: Bulletproof SSL and TLS

samzenpus posted 2 days ago | from the read-all-about-it dept.

Books 88

benrothke writes: If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.

Nuclear Weapons Create Their Own Security Codes With Radiation

samzenpus posted 2 days ago | from the missile-protect-thyself dept.

Security 103

Zothecula writes: "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real-life General Jack D. Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering."

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

samzenpus posted 2 days ago | from the protect-ya-neck dept.

Security 141

An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

Critical XSS Flaws Patched In WordPress and Popular Plug-In

timothy posted 4 days ago | from the switch-to-slashcode dept.

Open Source 40

itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

Top NSA Official Raised Alarm About Metadata Program In 2009

Soulskill posted 4 days ago | from the should-have-listened dept.

Privacy 110

An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history."

Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

Soulskill posted 4 days ago | from the everybody-gets-something-and-nobody-gets-everything dept.

Government 186

theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process."

Microsoft Rolls Out Robot Security Guards

Soulskill posted 5 days ago | from the please-register-that-copy-of-windows.-you-have-20-seconds-to-comply dept.

Robotics 140

An anonymous reader writes: Microsoft is testing a group of five robot security guards. They contain a sophisticated sensor suite that includes 360-degree HD video, thermal imaging, night vision, LIDAR, and audio recorders. They can also detect various chemicals and radiation signatures, and do some rudimentary behavioral analysis on people they see. (And they look a bit like Daleks.) The robots are unarmed, so we don't have to worry about a revolt just yet, but they can sound an alarm and call for human officers. They weigh about 300 lbs each, can last roughly a day on a battery charge, and know to head to the charging station when they're low on power.

Greenwald Advises Market-Based Solution To Mass Surveillance

samzenpus posted 5 days ago | from the you-get-what-you-demand dept.

United States 156

Nicola Hahn writes: In his latest Intercept piece, Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress, Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically, he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told, Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

timothy posted 5 days ago | from the sometimes-the-good-guys-win dept.

Bitcoin 46

An anonymous reader writes: The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series, in which they disclose what happened to a once-rising alternate cryptocurrency project that promised to place guaranteed value on its MidasCoins by backing them with actual gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate cryptocurrency community. (The first part is interesting, too.)

Amnesty International Releases Tool To Combat Government Spyware

timothy posted 5 days ago | from the doing-the-right-thing dept.

Privacy 94

New submitter Gordon_Shure_DOT_com writes: Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to scanning.

Android Botnet Evolves, Could Pose Threat To Corporate Networks

samzenpus posted about a week ago | from the protect-ya-neck dept.

Botnet 54

angry tapir writes: An Android Trojan program that's behind one of the longest-running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.
