Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Copyright Reforms Legalize Back-Ups, Protect Parody

timothy posted 1 hour ago | from the thank-you-sirs-may-I-copy-another? dept.

United Kingdom 18

rastos1 writes A law has come into effect that permits UK citizens to make copies of CDs, MP3s, DVDs, Blu-rays and e-books. Consumers are allowed to keep the duplicates on local storage or in the cloud. While it is legal to make back-ups for personal use, it remains an offence to share the data with friends or family. Users are not allowed to make recordings of streamed music or video from Spotify and Netflix, even if they subscribe to the services. Thirteen years after iTunes launched, it is now legal to use it to rip CDs in the UK. Just as interesting are the ways that the new UK law explicitly, if imperfectly, protects parody.

New OS X Backdoor Malware Roping Macs Into Botnet

timothy posted 2 hours ago | from the sad-face-mac dept.

OS X 51

An anonymous reader writes New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted. The malware, dubbed Mac.BackDoor.iWorm, targets computers running OS X and makes extensive use of encryption in its routines, Dr. Web researchers noted. What's even more interesting is that it gets the IP address of a valid command and control (C&C) server from a post on popular news site Reddit. The malware is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers.

Bangladesh Considers Building World's 5th-largest Data Center In Earthquake Zone

samzenpus posted 10 hours ago | from the whole-lot-of-shaking-going-on dept.

Data Storage 56

An anonymous reader writes with news about a government plan to build a Tier IV data center in an earthquake prone district of Bangladesh. The Bangladesh Ministry of Information is considering the establishment of a Tier 4 data centre in Kaliakair, in the Gazipur region, an ambitious build which would constitute the fifth largest data centre in the world, if completed. And if it survives – the site planned for the project is prone to earthquakes. Earthquake activity in the environs is discouraging, with one nearby earthquake seven months ago in Ranir Bazar (3.8), and no less than ten within the same tectonic zone over the last three years, the largest of which measured 4.5 on the Richter scale.

Leaked Docs Reveal List of 30 Countries Hacked On Orders of FBI Informant Sabu

samzenpus posted yesterday | from the naming-names dept.

United States 69

blottsie writes A Federal Bureau of Investigation informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now. A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries—including U.S. partners, such as the United Kingdom and Australia—tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks.

Obama Administration Argues For Backdoors In Personal Electronics

samzenpus posted yesterday | from the let-us-in dept.

Security 502

mi writes Attorney General Eric Holder called it is "worrisome" that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”

iOS Trojan Targets Hong Kong Protestors

samzenpus posted yesterday | from the protect-ya-neck dept.

IOS 68

First time accepted submitter Kexel writes Security researchers have claimed to discover the first Apple iOS Trojan attack in a move to thwart the communications of pro-democracy Hong Kong activists. From the article: "The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday. They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon. It is unclear how iOS devices get infected with Xsser, which is not disguised as an app."

Back To Faxes: Doctors Can't Exchange Digital Medical Records

Soulskill posted yesterday | from the have-you-tried-paper-airplanes dept.

Communications 228

nbauman writes: Doctors with one medical records system can't exchange information with systems made by other vendors, including those at their own hospitals, according to the New York Times. One ophthalmologist spent half a million dollars on a system, but still needs to send faxes to get the information where it needs to go. The largest vendor is Epic Systems, Madison, WI, which holds almost half the medical records in the U.S. A report from RAND described Epic as a "closed" platform that made it "challenging and costly" for hospitals to interconnect.

The situation is bad for patients and costly for medical works: if doctors can't exchange records, they'll face a 1% Medicare penalty, and UC Davis alone has a staff of 22 dedicated to communication. On top of that, Epic charges a fee to send data to some non-Epic systems. Congress has held hearings on the matter, and Epic has hired a lobbyist. Epic's founder, billionaire computer science major Judith Faulkner, said that Epic was one of the first to establish code and standards for secure interchange, which included user authentication provisions and a legally binding contract. She said the federal government, which gave $24 billion in incentive payments to doctors for computerization, should have done that. The Office of the National Coordinator for Health Information Technology said that it was a "top priority" and just recently wrote a 10-year vision statement and agenda for it.

Hundreds of Police Agencies Distributing Spyware and Keylogger

Soulskill posted yesterday | from the you-can-trust-us dept.

Electronic Frontier Foundation 70

realized sends this news from the EFF: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks,ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.

As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.

China Worried About Terrorist Pigeons

Soulskill posted yesterday | from the lesser-known-cousin-to-carrier-pigeons dept.

China 92

An anonymous reader writes: A pleasant event was planned for the 65th anniversary of the founding of the People's Republic of China. A ceremony at Tiananmen Square would release 10,000 pigeons at sunrise to symbolize an era of peace. Unfortunately, even symbols of peace can apparently remind people of violence. Chinese authorities searched all 10,000 pigeons for "dangerous materials," after the government was concerned they might be used for attacks. The pigeons' feathers were checked, and they were given a cavity search as well. The reports did not indicate what kind of "dangerous materials" these pigeons might be carrying. It's unclear whether any pigeons disclosed terror plots under interrogation.

Linux Foundation Announces Major Network Functions Virtualization Project

Soulskill posted 2 days ago | from the building-future-tech dept.

Open Source 40

Andy Updegrove writes: The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought.

Microsoft's Asimov System To Monitor Users' Machines In Real Time

timothy posted 2 days ago | from the all-persons-who-enter-herein dept.

Stats 266

SmartAboutThings writes Microsoft will monitor users in the new Windows 9 Operating System in order to determine how the new OS is used, thus decide what tweaks and changes are need to be made. During Windows 8 testing, Microsoft said that they had data showing Start Menu usage had dropped, but it seems that the tools they were using at the time weren't as evolved as the new 'Asimov' monitor. The new system is codenamed 'Asimov' and will provide a near real-time view of what is happening on users' machines. Rest assured, the data is going to be obscured and aggregated, but intelligible enough to allow Microsoft to get detailed insights into user interactions with the OS. Mary Jo Foley says that the system was originally built by the Xbox Team and now is being used by the Windows team. Users who will download the technical preview of Windows 9, which is said to get unveiled today, will become 'power users' who will utilize the platform in unique scenarios. This will help Microsoft identify any odd bugs ahead of the final release.

Apple Fixes Shellshock In OS X

timothy posted 2 days ago | from the that's-mac-os-x-to-you-buddy dept.

Bug 164

jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers

Soulskill posted 2 days ago | from the definitely-totally-detects-fbi-malware-totally-definitely dept.

Security 28

Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses.Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.

CloudFlare Announces Free SSL Support For All Customers

Soulskill posted 2 days ago | from the big-step-in-the-right-direction dept.

Cloud 66

Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.

Tor Executive Director Hints At Firefox Integration

Soulskill posted 2 days ago | from the foxes-love-onions dept.

Encryption 116

blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.

CEO of Spyware Maker Arrested For Enabling Stalkers

Soulskill posted 2 days ago | from the reaping-what-you-sow dept.

Crime 194

An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."

Man Walks Past Security Screening Staring At iPad, Causing Airport Evacuation

samzenpus posted 2 days ago | from the paying-attention dept.

Australia 216

First time accepted submitter chentiangemalc writes While Australia is on "high alert" for terror threats a man walked past a Sydney Airport security screening while engrossed in his iPad and delayed flights for an hour. From the article: "This event was captured on CCTV and unnerved officials so much that they evacuated passengers. As the Sydney Morning Herald reported, the man found himself (or, perhaps, didn't) going into the terminal through an exit passage that clearly was convenient for him, but less convenient for the hordes of passengers who not only had to be removed from Terminal 3, but also re-screened. A spokeswoman for Qantas told the Morning Herald: 'The man disembarked a flight and left. It appears he wasn't paying attention, was looking at his iPad, forgot something and walked back past (the security area).'"

Bash To Require Further Patching, As More Shellshock Holes Found

samzenpus posted 3 days ago | from the protect-ya-neck dept.

Security 326

Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trival to exploit. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures?

samzenpus posted 3 days ago | from the a-little-help-please dept.

Businesses 97

kyle11 writes I'm scratching my head at how to develop a decent wiki for a large organization I work in. We support multiple technologies, across multiple locations, and have ways of doing things that become exponentially convoluted. I give IT training to many of these users for a particular technology, and other people do for other stuff as well. Now, I hate wikis because everyone who did one before failed and gave them a bad name. If it starts wrong, it is doomed to failure and irrelevance.

What I'm looking for would be something like a Wiki with YouTube built in — make a playlist of videos with embedded links for certain job based tasks. And reuse and recycle those videos in other playlists of other tasks as they may be applicable. It would go beyond the actual IT we work with and would include things like, "Welcome to working in this department. Here are 20 videos detailing stupid procedures you need to go through to request access to customers' systems/networks/databases to even think about doing your job." I tried MediaWiki and Xwiki, and maybe I'm doing it wrong, but I can't seem to find a way to tweak them to YouTube-level simplicity for anyone to contribute to without giving up on the thing because its' a pain in the butt.

My only real requirement is that it not be cloud-based because it will contain certain sensitive information and I'd like it all to live on one virtual machine if at all possible. I can't be the only one with this problem of enabling many people to contribute and sort their knowledge without knowing how an HTML tag works, or copying files into something more complicated than a web browser. What approaches have any of you out there taken to trying to solve a similar problem?

At CIA Starbucks, Even the Baristas Are Covert

samzenpus posted 3 days ago | from the secret-coffee dept.

Security 241

An anonymous reader writes with this interesting story about what it's like to work at “Store Number 1,” the CIA's Starbucks. The new supervisor thought his idea was innocent enough. He wanted the baristas to write the names of customers on their cups to speed up lines and ease confusion, just like other Starbucks do around the world. But these aren't just any customers. They are regulars at the CIA Starbucks. "They could use the alias 'Polly-O string cheese' for all I care," said a food services supervisor at the Central Intelligence Agency, asking that his identity remain unpublished for security reasons. "But giving any name at all was making people — you know, the undercover agents — feel very uncomfortable. It just didn't work for this location."

Slashdot Login

Need an Account?

Forgot your password?