Smart Meters and New IoT Devices Cause Serious Concern

Soulskill posted 11 hours ago | from the your-smart-tinfoil-hat-won't-even-save-you dept.

Security 141

dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet.

Security and privacy concerns associated with smart meters are why they are currently "optional" in several countries. That's the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that "smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life."
This now applies to televisions as well — an article in Salon discusses the author's new "smart" TV, which came with a 46-page privacy policy. Quoting: "It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has a built-in camera — with facial recognition."

Facebook Sets Up Shop On Tor

Soulskill posted 13 hours ago | from the mixing-privacy-with-antiprivacy dept.

Facebook 119

itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook's onion address. This was done both for internal technical reasons and as a way for users to verify Facebook's ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.

Breaching Air-Gap Security With Radio

Soulskill posted yesterday | from the hitting-you-where-you-live dept.

Security 77

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data cannot leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are at the link.

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

samzenpus posted yesterday | from the get-it-out dept.

Google 67

An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."

Vulnerabilities Found (and Sought) In More Command-Line Tools

timothy posted yesterday | from the one-thing-at-a-time dept.

Security 85

itwbennett writes The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.

Cutting the Cord? Time Warner Loses 184,000 TV Subscribers In One Quarter

timothy posted 2 days ago | from the jacked-up-my-bill-lately-too dept.

Businesses 386

Mr D from 63 (3395377) writes Time Warner Cable's results have been buoyed recently by higher subscriber numbers for broadband Internet service. In the latest period, however, Time Warner Cable lost 184,000 overall residential customer relationships [Note: non-paywalled coverage at Bloomberg and Reuters]. The addition of 92,000 residential high-speed data customers was offset by 184,000 fewer residential video customers in the quarter. Triple play customers fell by 24,000, while residential voice additions were 14,000.

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

timothy posted 2 days ago | from the big-targets-get-hit-first dept.

Security 75

Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.

Security Companies Team Up, Take Down Chinese Hacking Group

samzenpus posted 2 days ago | from the end-of-the-line dept.

Security 63

daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.

Apple Pay Competitor CurrentC Breached

samzenpus posted 2 days ago | from the raise-shields dept.

The Almighty Buck 264

tranquilidad writes: As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."

Hackers Breach White House Network

Soulskill posted 2 days ago | from the dozens-of-solitaire-games-compromised dept.

Government 98

wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

Dangerous Vulnerability Fixed In Wget

Soulskill posted 2 days ago | from the under-the-radar dept.

Unix 58

jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

Soulskill posted 3 days ago | from the what-could-possibly-go-wrong dept.

Privacy 139

An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."

Ask Slashdot: Unlimited Data Plan For Seniors?

timothy posted 3 days ago | from the goldarned-internet dept.

The Internet 170

New submitter hejman08 writes with a question probably faced by many whose parents, grandparents, and other relatives rely on them for tech support and advice, specifically one about finding an appropriate data plan for his grandmother, of whom he writes: She is on her own plan through Verizon with 1GB of data, and she literally blows through it in three days or less every month, then complains about having nothing to do. They have Wi-Fi at her senior center, but only in specific rooms, and she has bad ankles and knees so she wants to stay home. Internet service would cost 80 a month to add where she lives. What I am wondering, is if any of the genius slashdotters out there know of a plan that- regardless of cost of phone, which we could manage as a gift to her, once- would allow her to have at least 300 minutes, 250 texts, and truly unlimited data (as in none of that Unlimited* stuff that is out there where they drop you to caveman speeds within a gig of usage), all for the price of less than say, 65 a month? The big 4 carriers don't seem to have anything that would work for her. What would you recommend? (I might start with a signal repeater in a utility closet, myself, or some clandestine CAT5 from a friendly neighbor's place.)

OEM Windows 7 License Sales End This Friday

timothy posted 3 days ago | from the new-old-stock-will-persist-a-while dept.

Microsoft 241

colinneagle writes This Friday is Halloween, but if you try to buy a PC with Windows 7 pre-loaded after that, you're going to get a rock instead of a treat. Microsoft will stop selling Windows 7 licenses to OEMs after this Friday and you will only be able to buy a machine with Windows 8.1. The good news is that business/enterprise customers will still be able to order PCs 'downgraded' to Windows 7 Professional. Microsoft has not set an end date for when it will cut off Windows 7 Professional to OEMs, but it will likely be a while. This all fits in with typical Microsoft timing. Microsoft usually pulls OEM supply of an OS a year after it removes it from retail. Microsoft cut off the retail supply of Windows 7 in October of last year, although some retailers still have some remaining stock left. If the analytics from Steam are any indicator, Windows 8 is slowly working its way into the American public, but mostly as a Windows XP replacement. Windows 7, both 32-bit and 64-bit, account for 59% of their user base. Windows 8 and 8.1 account for 28%, while XP has dwindled to 4%.

Alienware's Triangular Area-51 Re-Design With Tri-SLI GeForce GTX 980, Tested

timothy posted 3 days ago | from the where-are-you-priorities dept.

Upgrades 137

MojoKid writes Dell's Alienware division recently released a radical redesign of their Area-51 gaming desktop. With 45-degree angled front and rear face plates that are designed to direct control and IO up toward the user, in addition to better directing cool airflow in, while warm airflow is directed up and away from the rear of the chassis, this triangular-shaped machine grabs your attention right away. In testing and benchmarks, the Area-51's new design enables top-end performance with thermal and acoustic profiles that are fairly impressive versus most high-end gaming PC systems. The chassis design is also pretty clean, modular and easily serviceable. Base system pricing isn't too bad, starting at $1699 with the ability to dial things way up to an 8-core Haswell-E chip and triple GPU graphics from NVIDIA and AMD. The test system reviewed at HotHardware was powered by a six-core Core i7-5930K chip and three GeForce GTX 980 cards in SLI. As expected, it ripped through the benchmarks, though the price as configured and tested is significantly higher.

Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

Soulskill posted 4 days ago | from the fight-to-the-death dept.

Debian 852

walterbyrd (182728) sends this article about systemd from Paul Venezia, who writes: In discussions around the Web in the past few months, I've seen an overwhelming level of support of systemd from Linux users who run Linux on their laptops and maybe a VPS or home server. I've also seen a large backlash against systemd from Linux system administrators who are responsible for dozens, hundreds, or thousands of Linux servers, physical and virtual. ... The release of RHEL 7 has brought the reality of systemd to a significant number of admins whose mantra is stability over all else and who perhaps had not waded into the choppier waters of Fedora or Debian unstable to work with systemd before it arrived in RHEL.

Car Thieves and Insurers Vote On Keyless Car Security

Soulskill posted 4 days ago | from the experts-agree dept.

Transportation 219

RockDoctor writes: The BBC reports that Britain's car thieves, rapidly followed by Britain's car insurance companies, have been expressing their opinions on the security of keyless car entry and/or control systems. The thieves are happy to steal them (often using equipment intended for dealer maintenance of the vehicles) and in consequence the insurance companies are refusing to insure such vehicles (or to accept new policies on such vehicles) unless they are parked overnight in underground (or otherwise secured) car parks. I guess I won't be considering buying one of those for another generation. If ever.

Microsoft Is Bringing WebRTC To Explorer, Eyes Plugin-Free Skype Calls

samzenpus posted 4 days ago | from the call-window dept.

Microsoft 66

An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.

Book Review: Measuring and Managing Information Risk: a FAIR Approach

samzenpus posted 4 days ago | from the read-all-about-it dept.

Books 46

benrothke writes It's hard to go a day without some sort of data about information security and risk. Research from firms like Gartner is accepted without question, even though they can get their results from untrusted and unvetted sources. The current panic around Ebola shows how people are ill-informed about risk. While stressing over Ebola, the media is oblivious to true public health threats like obesity, heart disease, drunk driving, diabetes, and the like. When it comes to information security, it's not that much better. With myriad statistics, surveys, data breach reports, and global analyses of the costs of data breaches, there is an overabundance of data, and an under abundance of meaningful data. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have written a magnificent book that will change the way (for the better) you think about and deal with IT risk. Keep reading for the rest of Ben's review.

"Police Detector" Monitors Emergency Radio Transmissions

samzenpus posted 4 days ago | from the warning-warning-warning dept.

Communications 215

schwit1 writes A Dutch company has introduced a detection system that can alert you if a police officer or other emergency services official is using a two-way radio nearby. Blu Eye monitors frequencies used by the encrypted TETRA communications networks used by government agencies in Europe. It doesn't allow the user to listen in to transmissions, but can detect a radio in operation up to one kilometer away. Even if a message isn't being sent, these radios send pulses out to the network every four seconds and Blu Eye can also pick these up, according to The Sunday Times. A dashboard-mounted monitor uses lights and sounds to alert the driver to the proximity of the source, similar to a radar detector interface.
