Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

samzenpus posted 2 hours ago | from the protect-ya-neck dept.

Security 60

An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

Critical XSS Flaws Patched In WordPress and Popular Plug-In

timothy posted 2 days ago | from the switch-to-slashcode dept.

Open Source 38

itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

Top NSA Official Raised Alarm About Metadata Program In 2009

Soulskill posted 2 days ago | from the should-have-listened dept.

Privacy 108

An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history.

Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

Soulskill posted 2 days ago | from the everybody-gets-something-and-nobody-gets-everything dept.

Government 179

theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process."

Microsoft Rolls Out Robot Security Guards

Soulskill posted 2 days ago | from the please-register-that-copy-of-windows.-you-have-20-seconds-to-comply dept.

Robotics 138

An anonymous reader writes: Microsoft is testing a group of five robot security guards. They contain a sophisticated sensor suite that includes 360-degree HD video, thermal imaging, night vision, LIDAR, and audio recorders. They can also detect various chemicals and radiation signatures, and do some rudimentary behavioral analysis on people they see. (And they look a bit like Daleks.) The robots are unarmed, so we don't have to worry about a revolt just yet, but they can sound an alarm and call for human officers. They weigh about 300 lbs each, can last roughly a day on a battery charge, and know to head to the charging station when they're low on power.

Greenwald Advises Market-Based Solution To Mass Surveillance

samzenpus posted 2 days ago | from the you-get-what-you-demand dept.

United States 145

Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

timothy posted 3 days ago | from the sometimes-the-good-guys-win dept.

Bitcoin 46

An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the projects founder ups and runs away with all of the communities coins; cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)

Amnesty International Releases Tool To Combat Government Spyware

timothy posted 3 days ago | from the doing-the-right-thing dept.

Privacy 94

New submitter Gordon_Shure_DOT_com writes Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.

Android Botnet Evolves, Could Pose Threat To Corporate Networks

samzenpus posted 3 days ago | from the protect-ya-neck dept.

Botnet 54

angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.

Blowing On Money To Tell If It Is Counterfeit

samzenpus posted 3 days ago | from the huff-and-puff dept.

The Almighty Buck 112

HughPickens.com writes Scientific American reports that simply breathing on money could soon reveal if it's the real deal or counterfeit thanks to a photonic crystal ink developed by Ling Bai and Zhongze Gu and colleagues at Southeast University in Nanjing, China that can produce unique color changing patterns on surfaces with an inkjet printer system which would be extremely hard for fraudsters to reproduce. The ink mimics the way Tmesisternus isabellae – a species of longhorn beetle – reversibly switches its color from gold to red according to the humidity in its environment. The color shift is caused by the adsorption of water vapor in their hardened front wings, which alters the thickness and average refractive index of their multilayered scales. To emulate this, the team made their photonic crystal ink using mesoporous silica nanoparticles, which have a large surface area and strong vapor adsorption capabilities that can be precisely controlled. The complicated and reversible multicolor shifts of mesoporous CPC patterns are favorable for immediate recognition by naked eyes but hard to copy. "We think the ink's multiple security features may be useful for antifraud applications," says Bai, "however we think the technology could be more useful for fabricating multiple functional sensor arrays, which we are now working towards."

Court Shuts Down Alleged $120M Tech Support Scam

samzenpus posted 3 days ago | from the shutting-it-down dept.

The Courts 125

wiredmikey writes A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated.

Congress Suggests Moat, Electronic Fence To Protect White House

samzenpus posted 4 days ago | from the greased-monkeys-with-straight-razors dept.

United States 211

PolygamousRanchKid writes Acting Secret Service director Joseph Clancy on Wednesday faced a number of tough questions from the House Judiciary Committee about the fence jumper who made it deep into the White House. But along with the tough questions, Clancy fielded a couple eyebrow raising suggestions on how to better protect the president's home. "Would a moat, water six feet around, be kind of attractive and effective?" Rep. Steve Cohen, D-Tenn., asked with trepidation. Rep. Louie Gohmert, R-Texas, asked: “Would you be in favor of removing the fence around the White House and having, maybe, a virtual or electronic fence around it?” Clancy liked the moat idea better than the electric fence. “My knee-jerk reaction to that would be no, sir,” he told Gohmert. “Partly because of the number of tourists that come up Pennsylvania Avenue and come up to that area.”

Martin Jetpack Closer To Takeoff In First Responder Applications

samzenpus posted 4 days ago | from the when-you-have-to-get-there-in-a-hurry dept.

Transportation 53

Zothecula writes Last year's redesign of the long-awaited Martin Jetpack was accompanied by plans to begin commercial sales in 2014, starting with emergency response services and individual sales to follow thereafter. The release date for the first responder Jetpack has since been revised to 2016, a prediction bolstered by the fresh announcement of a partnership between Martin Aircraft Company and US company Avwatch to develop air-based, first responder solutions for the US Department of Homeland Security and Department of Defense.

Republicans Block Latest Attempt At Curbing NSA Power

Soulskill posted 4 days ago | from the and-everybody-will-have-forgotten-about-it-in-two-years dept.

Republicans 428

Robotron23 writes: The latest attempt at NSA reform has been prevented from passage in the Senate by a margin of 58 to 42. Introduced as a means to stop the NSA collecting bulk phone and e-mail records on a daily basis, the USA Freedom Act has been considered a practical route to curtailment of perceived overreach by security services, 18 months since Edward Snowden went public. Opponents to the bill said it was needless, as Wall Street Journal raised the possibility of terrorists such as ISIS running amok on U.S. soil. Supporting the bill meanwhile were the technology giants Google and Microsoft. Prior to this vote, the bill had already been stripped of privacy protections in aid of gaining White House support. A provision to extend the controversial USA Patriot Act to 2017 was also appended by the House of Representatives.

Chrome 39 Launches With 64-bit Version For Mac OS X and New Developer Features

Soulskill posted 5 days ago | from the almost-over-the-hill dept.

Chrome 65

An anonymous reader writes "Google today released Chrome 39 for Windows, Mac, and Linux. The biggest addition in this release is 64-bit support for OS X, which first arrived in Chrome 38 beta. Unlike on Windows, where 32-bit and 64-bit versions will both continue to be available (users currently have to opt-in to use the 64-bit release), Chrome for Mac is now only available in 64-bit. There are also a number of security fixes and developer features. Here's the full changelog.

Microsoft Releases Out-of-Band Security Patch For Windows

timothy posted 5 days ago | from the as-circumstances-warrant dept.

Windows 176

mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.

State Department Joins NOAA, USPS In Club of Hacked Federal Agencies

timothy posted about a week ago | from the more-funding-next-year dept.

United States 54

Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. “This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system,” said one senior State Department official, adding that the department expected its systems to be up soon. ....The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after “activity of concern” was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.

FreeBSD 10.1 Released

timothy posted about two weeks ago | from the longstanding-contributions dept.

Operating Systems 119

An anonymous reader writes Version 10.1 of the venerable FreeBSD operating system has been released. The new version of FreeBSD offers support for booting from UEFI, automated generation of OpenSSH keys, ZFS performance improvements, updated (and more secure) versions of OpenSSH and OpenSSL and hypervisor enhancements. FreeBSD 10.1 is an extended support release and will be supported through until January 1, 2017. Adds reader aojensen: As this is the second release of the stable/10 branch, it focuses on improving the stability and security of the 10.0-RELEASE, but also introduces a set of new features including: vt(4) a new console driver, support for FreeBSD/i386 guests on the bhyve hypervisor, support for SMP on armv6 kernels, UEFI boot support for amd64 architectures, support for the UDP-Lite protocol (RFC 3828) support on both IPv4 and IPv6, and much more. For a complete list of changes and new features, the release notes are also available.

81% of Tor Users Can Be De-anonymized By Analysing Router Information

timothy posted about two weeks ago | from the keep-him-on-the-line dept.

Communications 136

An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

Boeing Readies For First Ever Conjoined Satellite Launch

samzenpus posted about two weeks ago | from the two-by-two dept.

Space 67

Zothecula writes Boeing has successfully joined two of its 702SP satellites in a stacked configuration in preparation for a launch scheduled for early 2015. Aside from being the first involving conjoined satellites, the launch will also put the first satellites to enter service boasting an all-electric propulsion system into orbit. "Designed by Boeing Network & Space Systems and its defense and security advanced prototyping arm, Phantom Works, the 702SP (small platform) satellites are an evolution of the company's 702 satellite. Operating in the low- to mid-power ranges of 3 to 9 kW, instead of chemical propulsion, the satellites boast an all-electric propulsion system that Boeing says minimizes the mass of the spacecraft and maximizes payload capacity."

Slashdot Login

Need an Account?

Forgot your password?