Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cutting the Cord? Time Warner Loses 184,000 TV Subscribers In One Quarter

timothy posted 3 hours ago | from the jacked-up-my-bill-lately-too dept.

Businesses 290

Mr D from 63 (3395377) writes Time Warner Cable's results have been buoyed recently by higher subscriber numbers for broadband Internet service. In the latest period, however, Time Warner Cable lost 184,000 overall residential customer relationships [Note: non-paywalled coverage at Bloomberg and Reuters]. The addition of 92,000 residential high-speed data customers was offset by 184,000 fewer residential video customers in the quarter. Triple play customers fell by 24,000, while residential voice additions were 14,000.

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

timothy posted 4 hours ago | from the big-targets-get-hit-first dept.

Security 52

Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.

Security Companies Team Up, Take Down Chinese Hacking Group

samzenpus posted yesterday | from the end-of-the-line dept.

Security 62

daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.

Apple Pay Competitor CurrentC Breached

samzenpus posted yesterday | from the raise-shields dept.

The Almighty Buck 254

tranquilidad writes "As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."

Hackers Breach White House Network

Soulskill posted yesterday | from the dozens-of-solitaire-games-compromised dept.

Government 96

wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

Dangerous Vulnerability Fixed In Wget

Soulskill posted yesterday | from the under-the-radar dept.

Unix 54

jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

Soulskill posted 2 days ago | from the what-could-possibly-go-wrong dept.

Privacy 124

An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."

Ask Slashdot: Unlimited Data Plan For Seniors?

timothy posted 2 days ago | from the goldarned-internet dept.

The Internet 169

New submitter hejman08 writes with a question probably faced by many whose parents, grandparents, and other relatives rely on them for tech support and advice, specifically one about finding an appropriate data plan for his grandmother, of whom he writes: She is on her own plan through Verizon with 1GB of data, and she literally blows through it in three days or less every month, then complains about having nothing to do. They have Wi-Fi at her senior center, but only in specific rooms, and she has bad ankles and knees so she wants to stay home. Internet service would cost 80 a month to add where she lives. What I am wondering, is if any of the genius slashdotters out there know of a plan that- regardless of cost of phone, which we could manage as a gift to her, once- would allow her to have at least 300 minutes, 250 texts, and truly unlimited data (as in none of that Unlimited* stuff that is out there where they drop you to caveman speeds within a gig of usage), all for the price of less than say, 65 a month? The big 4 carriers don't seem to have anything that would work for her. What would you recommend? (I might start with a signal repeater in a utility closet, myself, or some clandestine CAT5 from a friendly neighbor's place.)

OEM Windows 7 License Sales End This Friday

timothy posted 2 days ago | from the new-old-stock-will-persist-a-while dept.

Microsoft 233

colinneagle writes This Friday is Halloween, but if you try to buy a PC with Windows 7 pre-loaded after that, you're going to get a rock instead of a treat. Microsoft will stop selling Windows 7 licenses to OEMs after this Friday and you will only be able to buy a machine with Windows 8.1. The good news is that business/enterprise customers will still be able to order PCs 'downgraded' to Windows 7 Professional. Microsoft has not set an end date for when it will cut off Windows 7 Professional to OEMs, but it will likely be a while. This all fits in with typical Microsoft timing. Microsoft usually pulls OEM supply of an OS a year after it removes it from retail. Microsoft cut off the retail supply of Windows 7 in October of last year, although some retailers still have some remaining stock left. If the analytics from Steam are any indicator, Windows 8 is slowly working its way into the American public, but mostly as a Windows XP replacement. Windows 7, both 32-bit and 64-bit, account for 59% of their user base. Windows 8 and 8.1 account for 28%, while XP has dwindled to 4%.

Alienware's Triangular Area-51 Re-Design With Tri-SLI GeForce GTX 980, Tested

timothy posted 2 days ago | from the where-are-you-priorities dept.

Upgrades 133

MojoKid writes Dell's Alienware division recently released a radical redesign of their Area-51 gaming desktop. With 45-degree angled front and rear face plates that are designed to direct control and IO up toward the user, in addition to better directing cool airflow in, while warm airflow is directed up and away from the rear of the chassis, this triangular-shaped machine grabs your attention right away. In testing and benchmarks, the Area-51's new design enables top-end performance with thermal and acoustic profiles that are fairly impressive versus most high-end gaming PC systems. The chassis design is also pretty clean, modular and easily servicable. Base system pricing isn't too bad, starting at $1699 with the ability to dial things way up to an 8-core Haswell-E chip and triple GPU graphics from NVIDIA and AMD. The test system reviewed at HotHardware was powered by a six-core Core i7-5930K chip and three GeForce GTX 980 cards in SLI. As expected, it ripped through the benchmarks, though the price as configured and tested is significantly higher.

Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

Soulskill posted 2 days ago | from the fight-to-the-death dept.

Debian 824

walterbyrd (182728) sends this article about systemd from Paul Venezia, who writes: In discussions around the Web in the past few months, I've seen an overwhelming level of support of systemd from Linux users who run Linux on their laptops and maybe a VPS or home server. I've also seen a large backlash against systemd from Linux system administrators who are responsible for dozens, hundreds, or thousands of Linux servers, physical and virtual. ... The release of RHEL 7 has brought the reality of systemd to a significant number of admins whose mantra is stability over all else and who perhaps had not waded into the choppier waters of Fedora or Debian unstable to work with systemd before it arrived in RHEL.

Car Thieves and Insurers Vote On Keyless Car Security

Soulskill posted 2 days ago | from the experts-agree dept.

Transportation 202

RockDoctor writes: The BBC reports that Britain's car thieves, rapidly followed by Britain's car insurance companies, have been expressing their opinions on the security of keyless car entry and/or control systems. The thieves are happy to steal them (often using equipment intended for dealer maintenance of the vehicles) and in consequence the insurance companies are refusing to insure such vehicles (or to accept new policies on such vehicles) unless they are parked overnight in underground (or otherwise secured) car parks. I guess I won't be considering buying one of those for another generation. If ever.

Microsoft Is Bringing WebRTC To Explorer, Eyes Plugin-Free Skype Calls

samzenpus posted 2 days ago | from the call-window dept.

Microsoft 66

An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.

Book Review: Measuring and Managing Information Risk: a FAIR Approach

samzenpus posted 3 days ago | from the read-all-about-it dept.

Books 46

benrothke writes It's hard to go a day without some sort of data about information security and risk. Research from firms like Gartner are accepted without question; even though they can get their results from untrusted and unvetted sources. The current panic around Ebola shows how people are ill-informed about risk. While stressing over Ebola, the media is oblivious to true public health threats like obesity, heart disease, drunk driving, diabetes, and the like. When it comes to information security, it's not that much better. With myriad statistics, surveys, data breach reports, and global analyses of the costs of data breaches, there is an overabundance of data, and an under abundance of meaningful data. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have written a magnificent book that will change the way (for the better) you think about and deal with IT risk. Keep reading for the rest of Ben's review.

"Police Detector" Monitors Emergency Radio Transmissions

samzenpus posted 3 days ago | from the warning-warning-warning dept.

Communications 211

schwit1 writes A Dutch company has introduced a detection system that can alert you if a police officer or other emergency services official is using a two-way radio nearby. Blu Eye monitors frequencies used by the encrypted TETRA encrypted communications networks used by government agencies in Europe. It doesn't allow the user to listen in to transmissions, but can detect a radio in operation up to one kilometer away. Even if a message isn't being sent, these radios send pulses out to the network every four seconds and Blu Eye can also pick these up, according to The Sunday Times. A dashboard-mounted monitor uses lights and sounds to alert the driver to the proximity of the source, similar to a radar detector interface.

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

timothy posted 5 days ago | from the if-you-could-turn-back-time dept.

Bug 126

operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."

Passwords: Too Much and Not Enough

Soulskill posted 5 days ago | from the 123456-trustno1-hunter2-letmein dept.

Security 222

An anonymous reader writes: Sophos has a blog post up saying, "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."

Researcher Finds Tor Exit Node Adding Malware To Downloads

Soulskill posted about a week ago | from the at-least-it's-anonymous-malware dept.

Security 126

Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against the sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLSis the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.

Ubuntu 14.10 Released With Ambitious Name, But Small Changes

timothy posted about a week ago | from the I'd-hoped-for-ubiquitous dept.

Ubuntu 109

Ubuntu 14.10, dubbed Utopic Unicorn, has been released today (here are screenshots). PC World says that at first glance "isn't the most exciting update," with not so much as a new default wallpaper — but happily so: it's a stable update in a stable series, and most users will have no pressing need to update to the newest version. In the Ubuntu Next unstable series, though, there are big changes afoot: Along with Mir comes the next version of Ubuntu’s Unity desktop, Unity 8. Mir and the latest version of Unity are already used on Ubuntu Phone, so this is key for Ubuntu's goal of convergent computing — Ubuntu Phone and Ubuntu desktop will use the same display server and desktop shell. Ubuntu Phone is now stable and Ubuntu phones are arriving this year, so a lot of work has gone into this stuff recently. The road ahead looks bumpy however. Ubuntu needs to get graphics drivers supporting Mir properly. The task becomes more complicated when you consider that other Linux distributions — like Fedora — are switching to the Wayland display server instead of Mir. When Ubuntu Desktop Next becomes the standard desktop environment, the changes will be massive indeed. But for today, Utopic Unicorn is all about subtle improvements and slow, steady iteration.

Cisco Fixes Three-Year-Old Telnet Flaw In Security Appliances

timothy posted about a week ago | from the but-telnet's-otherwise-fine? dept.

Security 60

Trailrunner7 writes "There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the vulnerability in telnet in December 2011 and it was widely publicized at the time. Recently, Glafkos Charalambous, a security researcher, discovered that the bug was still present in several of Cisco's security boxes, including the Web Security Appliance, Email Security Appliance and Content Security Management Appliance. The vulnerability is in the AsyncOS software in those appliances and affects all versions of the products." At long last, though, as the article points out, "Cisco has released a patched version of the AsyncOS software to address the vulnerability and also has recommended some workarounds for customers."

Slashdot Login

Need an Account?

Forgot your password?