Slashdot: News for Nerds

Comments

U2 manager wants ISPs to cut off illegal downloads

mask.of.sanity Moral arbiter (1 comments)

Long live TPB!

But I sympathise with Boner; he must have spent all his millions on free shows dictating what's right for everyone else.

more than 6 years ago

Submissions

NSA man says agency can track you through power lines

mask.of.sanity writes | about three weeks ago

mask.of.sanity (1228908) writes "Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals."

Redmond is 'patching' Windows 8 but NOT Windows 7, say security bods

mask.of.sanity writes | about 2 months ago

mask.of.sanity (1228908) writes "Microsoft has left Windows 7 exposed by only applying security upgrades to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries using a custom diffing tool and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities. The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks. (Video, slides)."

Spotty solar power management platform could crash the grid

mask.of.sanity writes | about 3 months ago

mask.of.sanity (1228908) writes "Criminals could potentially cause black-outs and mess with power grid configurations by exploiting flaws in a popular solar panel management system used by thousands of homes and businesses. The threat is substantial because, as the company boasts, its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out 566TWh of electrical energy, or so we're told."

Silly sysadmins ADDING Heartbleed to servers

mask.of.sanity writes | about 3 months ago

mask.of.sanity (1228908) writes "At least 2500 website administrators have made their previously secure sites vulnerable to Heartbleed more than a month after the bug sent the world into a hacker-fearing frenzy.

Opera Software developer Yngve Pettersen discovered the bungle while probing for Heartbleed vulnerable systems in the weeks after the bug was disclosed on April 7. He pinged half a million separate servers of sites rated as popular by Alexa and found hapless admins had, presumably in a panic, updated their then-unaffected-or-possibly-new boxes to the latest offering and in doing so introduced the Heartbleed bug."


McAfee accused of McSlurping Open Source Vulnerability Database

mask.of.sanity writes | about 3 months ago

mask.of.sanity (1228908) writes "Intel security subsidiary McAfee may be in hot water after it allegedly scraped thousands of records from the Open Source Vulnerability Database instead of paying for them. The slurp was said to be conducted using fast scripts that rapidly changed the user agent, and was launched after McAfee formally inquired about purchasing a license to the data. Law experts say site's copyright could be breached by individuals merely downloading the information in contravention to the site's policies, and did not require the data to be subsequently disseminated."

Web cesspit 4chan touts '$20 bug bounty' after hackers ruin Moot's day

mask.of.sanity writes | about 3 months ago

mask.of.sanity (1228908) writes "4chan's Moot has launched a bug bounty for the site after it was hacked, but is offering a meagre $20 in "self-serve ad spend" for all bugs. The bounty programme was launched after the website and Moot's Amazon accounts were hacked. The intrusion spelled the end for DrawQuest which was closed after Moot decided it was not worth spending money to ensure the unprofitable but popular drawing platform was secure."

iPhone factory reset strikes dead forensic investigations

mask.of.sanity writes | about 3 months ago

mask.of.sanity (1228908) writes "Felons wanting to thwart forensic investigators need only perform a factory reset of any current model iPhone including the 4s, 5c and 5s.
Apple's decision to encrypt data on the iPhone is responsible for this state of affairs because a factory reset not only wipes data but also erases the decryption key required to reveal the handset's contents. Forensic investigators will need to wait until the release of a jailbreak for the devices in order to image the phones."


Ubuntu 14.04 lock screen bypass: just hold enter

mask.of.sanity writes | about 2 months ago

mask.of.sanity (1228908) writes "A user has discovered an embarrassingly simple security vulnerability affecting the latest version of Ubuntu, which allows snoops to bypass the lock screen. Password protection on machines running Ubuntu 14.04 could be bypassed by simply holding the enter key for about 30 seconds, crashing Unity. Developers worked quickly to issue a fix for the flaw described as 'critical'."

Hacker holds key to free flights

mask.of.sanity writes | about 4 months ago

mask.of.sanity (1228908) writes "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18 year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."

World's largest DDoS strikes US, Europe

mask.of.sanity writes | about 6 months ago

mask.of.sanity (1228908) writes "CloudFlare has been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector. The Network Time Protocol Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault. CloudFlare said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification."

Russia bans Bitcoin

mask.of.sanity writes | about 6 months ago

mask.of.sanity (1228908) writes "Russia has banned digital currency Bitcoin under existing laws and dubbed use of the crypto-currency as "suspicious". The Central Bank of Russia considers Bitcoin as a form of "money substitute" or "money surrogate" (statement in Russian) which is restricted under Russian law. However, unlike use of restricted foreign currencies, Bitcoin has been outright banned. The US Library of Congress has issued a report examining the regulatory approaches national financial authorities have taken to the currency."

Hacker gets Facebook's 'keys to the kingdom'

mask.of.sanity writes | about 6 months ago

mask.of.sanity (1228908) writes "Facebook has paid out its largest bug bounty of $33,500 for a serious remote code execution vulnerability which also returned Facebook's etc/passwd. The researcher could change Facebook's use of Gmail as an OpenID provider to a URL he controlled, and then sent a request carrying malicious XML code. The Facebook response included its etc/passwd which contained essential login information such as system administrator data and user IDs. The company quickly patched the flaw and awarded him for the proof of concept remote code execution which he quietly disclosed to them."

Microsoft researchers slash Skype fraud by 68%

mask.of.sanity writes | about 6 months ago

mask.of.sanity (1228908) writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform.

The research (PDF) combined information from diverse sources including a user's profile, activities and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection.

The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate."


Hackers gain 'full control' of critical SCADA systems

mask.of.sanity writes | about 7 months ago

mask.of.sanity (1228908) writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."

Flaws found in mandated aircraft safety system

mask.of.sanity writes | about 7 months ago

mask.of.sanity (1228908) writes "Aircraft flying to the world's most popular airports could be placed in danger by accurate yet inexpensive attacks targeting the ADS-B widespread aviation safety system.

Researchers proved in a paper [PDF] that attackers with control over a wireless network and possessing off-the-shelf equipment could with off the shelf technology flood air traffic control monitors with images of fake aircraft, an attack previously identified but thought largely theoretical. They also discovered a new attack in which attackers could modify the trajectory of those in the sky which undermined the object of the system to provide pilots with information on the location and direction of aircraft.

The system is required for flights cruising above 29,000 feet in the US and Australia."


Google's plan to kill the corporate network

mask.of.sanity writes | about 8 months ago

mask.of.sanity (1228908) writes "Google has revealed details on its Beyond Corp project to scrap the notion of a corporate network and move to a zero-trust model.

The company perhaps unsurprisingly considers the traditional notion of perimeter defences and its respective gadgetry as a dead duck, and has moved to authenticate and authorise its 42,000 staff so they can access Google HQ from anywhere (video).

Google also revealed it was perhaps the biggest Apple shop in the world with 43,000 devices deployed and staff only allowed to use Windows with a supporting business case."


Aussie spies raid lawyer office seeking Timor wiretap documents

mask.of.sanity writes | about 8 months ago

mask.of.sanity (1228908) writes "A lawyer says Australian spy agents have raided his office in search of documentary evidence he has taken to the Hague that Australia planted listening devices in East Timor offices to secure lucrative gas revenue.

The documents were apparent proof that Australia planted bugs in the walls of Timor offices in 2004 by sending in spies acting as aid workers.

A possible whistleblower was also arrested in separate but concurrent raids.

Two years later Australia secured a 50 percent stake in the $40 billion gas field that was located 100 kilometres from the then new nation and 400 kilometres from Australia."


Devs plan open source hardware-software router to beat government snooping

mask.of.sanity writes | about 8 months ago

mask.of.sanity (1228908) writes "Four security researchers have designed a router based on open source components they say will make security and privacy verifiable and more accessible to users.

The Open Router Project router would be built on open source hardware and software and run a custom Linux Yocto distribution with a Freescale QorIQ P1010 processor. A list of secure features planned is here.

The devs have opened a $200,000 crowdfunding goal they say will bring the router up to the first manufacturing run."


Users ID'ed through typing, mouse movements

mask.of.sanity writes | about 8 months ago

mask.of.sanity (1228908) writes "Users can be identified with a half percent margin of error based on the way they type. The research work has been spun into an application that could continuously authenticate users, rather than just relying on passwords, and could lock accounts if another person jumped on the computer. Researchers are now integrating mouse movements and clicks, and mobile touch patterns into the work."

Journals

mask.of.sanity has no journal entries.
