×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

  • Syrian Electronic Army Takes Credit For News Site Hacking

    New submitter ddtmm writes The Syrian Electronic Army is claiming responsibility for the hacking of multiple news websites, including CBC News. Some users trying to access the CBC website reported seeing a pop-up message reading: "You've been hacked by the Syrian Electronic Army (SEA)." It appears the hack targeted a network used by many news organizations and businesses. A tweet from an account appearing to belong to the Syrian Electronic Army suggested the attacks were meant to coincide with the U.S. Thanksgiving on Thursday. The group claimed to have used the domain Gigya.com, a company that offers businesses a customer identity management platform, to hack into other sites via GoDaddy, its domain registrar. Gigya is "trusted by more than 700 leading brands," according to its website. The hacker or hackers redirected sites to the Syrian Electronic Army image that users saw. Gigya's operations team released a statement Thursday morning saying that it identified an issue with its domai registrar at 6:45 a.m. ET. The breach "resulted in the redirect of the Gigya.com domain for a subset of users," the company said. Among the websites known to be hacked so far are New York Times, Chicago Tribune, CNBC, PC World, Forbes, The Telegraph, Walmart and Facebook.

    17 comments | 8 hours ago

  • Ask Slashdot: Best Biometric Authentication System?

    kwelch007 writes I run a network for a company that does manufacturing primarily in a clean-room. We have many systems in place that track countless aspects of every step. However, we do not have systems in place to identify the specific user performing the step. I could do this easily, but asking users to input their AD login every time they perform a task is a time-waster (we have "shared" workstations throughout.) My question is, what technologies are people actually using successfully for rapid authentication? I've thought about fingerprint scanners, but they don't work because in the CR we have to wear gloves. So, I'm thinking either face-recognition or retinal scans...but am open to other ideas if they are commercially viable.

    125 comments | yesterday

  • Auto Industry Teams Up With Military To Stop Car Hacking

    An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.

    112 comments | yesterday

  • Is LTO Tape On Its Way Out?

    storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increasingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

    "If multiple vendors invest in a technology, it has a good chance of winning over the long haul," writes Newman, a long-time proponent of tape technology. "If multiple vendors have a technology they're not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market."

    273 comments | 2 days ago

  • The People Who Are Branding Vulnerabilities

    antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red headed stepchildren" — despite the fact that each of these vulns are critical issues, some are worse than Heartbleed, and all of which needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

    64 comments | 2 days ago

  • Sony Pictures Computer Sytems Shut Down After Ransomware Hack

    MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

    154 comments | 2 days ago

  • Big IT Vendors Mostly Mum On Commercial Drone Plans

    alphadogg writes: Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it's really hard to tell what they think because they're keeping any plans in this field very hush-hush. More consumer oriented companies like Amazon, Facebook, and Google are active, but companies like IBM and HP are quiet, while Microsoft affirms it has nothing doing. A former FAA lawyer says sitting on the sidelines even during this unsure regulatory period is probably not a great idea. "I have a hard time believing they don't have some sort of programs in place," attorney Mark Dombroff says.

    22 comments | 3 days ago

  • Regin Malware In EU Attack Linked To US and British Intelligence Agencies

    Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

    129 comments | 3 days ago

  • DHS Set To Destroy "Einstein" Surveillance Records

    schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

    71 comments | 3 days ago

  • Book Review: Bulletproof SSL and TLS

    benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.

    89 comments | 3 days ago

  • LinkedIn Study: US Attracting Fewer Educated, Highly Skilled Migrants

    vinces99 writes The U.S. economy has long been powered in part by the nation's ability to attract the world's most educated and skilled people to its shores. But a new study of the worldwide migration of professionals to the U.S. shows a sharp drop-off in its proportional share of those workers – raising the question of whether the nation will remain competitive in attracting top talent in an increasingly globalized economy. The study, which used a novel method of tracking people through data from the social media site LinkedIn, is believed to be the first to monitor global migrations of professionals to the U.S., said co-author Emilio Zagheni, a University of Washington assistant professor of sociology and fellow of the UW eScience Institute. Among other things, the study, presented recently in Barcelona, Spain, found that just 13 percent of migrating professionals in the sample group chose the U.S. as a destination in 2012, down from 27 percent in 2000.

    323 comments | 3 days ago

  • Nuclear Weapons Create Their Own Security Codes With Radiation

    Zothecula writes "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering.

    104 comments | 3 days ago

  • Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

    An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

    141 comments | 4 days ago

  • Profanity-Laced Academic Paper Exposes Scam Journal

    Frosty P writes: A scientific paper titled "Get Me Off Your F****** Mailing List" was actually accepted by the International Journal of Advanced Computer Technology. As reported at Vox and other web sites, the journal, despite its distinguished name, is a predatory open-access journal. These sorts of low-quality journals spam thousands of scientists, offering to publish their work for a fee. In 2005, computer scientists David Mazières and Eddie Kohler created this highly profane ten-page paper as a joke, to send in replying to unwanted conference invitations. It literally just contains that seven-word phrase over and over, along with a nice flow chart and scatter-plot graph. More recently, computer scientist Peter Vamplew sent it to the IJACT in response to spam from the journal, and the paper was automatically accepted with an anonymous reviewer rating it as "excellent," and requested a fee of $150. Over the years, the number of these predatory journals has exploded. Jeffrey Beall, a librarian at the University of Colorado, keeps an up-to-date list of them to help researchers avoid being taken in; it currently has 550 publishers and journals on it."

    134 comments | 5 days ago

  • Ukraine's IT Brigade Supports the Troops

    An anonymous reader sends this story from BusinessWeek: Eight months ago, David Arakhamiya was running a small IT company in the southern Ukrainian city of Mykolayiv. Today, as an adviser to Ukraine’s defense minister, he oversees a massive crowdfunding effort that since March has raised about $300 million from ordinary citizens. The money is being used to equip Ukraine’s army with everything from uniforms, water, and other basic supplies to high-tech gear such as reconnaissance drones. Yaroslav Markevich, another IT entrepreneur with a small company in Kharkiv, once a Soviet hub for aviation technology, presented a plan to the commander of one Ukrainian battalion to create a drone unit after hearing stories about the efficiency of Russian drones. The commander said yes, and by the time his battalion was deployed early this summer, it was the only one in the army equipped with a fleet of short- and long-range drones. ... IT experts across Ukraine have been an important part of the volunteer effort to supply the army with equipment.

    140 comments | 5 days ago

  • Some Early Nexus 6 Units Returned Over Startup Bug

    The Register reports that Motorola has issued a recall for an early batch of its hotly anticipated new Nexus 6 smartphones that were sold through U.S. mobile carrier AT&T, owing to a software glitch that can reportedly causes the devices to boot to a black screen. ... AT&T retail stores have reportedly been told to return their existing inventory of the Nexus 6 and wait for new units to arrive from Motorola, which has already corrected the problem on its assembly line. Any customer who brings a defective unit into an AT&T store will receive a replacement. Motorola's memo to stores says that only initial shipments were affected, and that the problem has been identified. However, as the article mentions, there's thus far less luck for those like me who've found that at least some original Nexus 7 tablets do not play nicely with Lollipop. (The effects look nice, but it's never a good sign to see "System UI isn't responding. Do you want to close it?" on a tablet's screen.)

    39 comments | 5 days ago

  • Critical XSS Flaws Patched In WordPress and Popular Plug-In

    itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

    40 comments | 5 days ago

  • Another Hint For Kryptos

    rastos1 writes Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock."

    50 comments | about a week ago

  • Greenwald Advises Market-Based Solution To Mass Surveillance

    Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

    157 comments | about a week ago

  • Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

    An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the projects founder ups and runs away with all of the communities coins; cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)

    46 comments | about a week ago

Slashdot Login

Need an Account?

Forgot your password?