×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Is LTO Tape On Its Way Out?

Soulskill posted 2 hours ago | from the IT-no-longer-caught-on-tape dept.

Data Storage 59

storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increasingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

"If multiple vendors invest in a technology, it has a good chance of winning over the long haul," writes Newman, a long-time proponent of tape technology. "If multiple vendors have a technology they're not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market."

The People Who Are Branding Vulnerabilities

Soulskill posted 3 hours ago | from the it's-marketing-all-the-way-down dept.

Security 29

antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red headed stepchildren" — despite the fact that each of these vulns are critical issues, some are worse than Heartbleed, and all of which needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

Sony Pictures Computer Sytems Shut Down After Ransomware Hack

Soulskill posted yesterday | from the try-long-enough-and-you-find-a-soft-target dept.

Sony 147

MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

Big IT Vendors Mostly Mum On Commercial Drone Plans

Soulskill posted yesterday | from the playing-possum dept.

IT 21

alphadogg writes: Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it's really hard to tell what they think because they're keeping any plans in this field very hush-hush. More consumer oriented companies like Amazon, Facebook, and Google are active, but companies like IBM and HP are quiet, while Microsoft affirms it has nothing doing. A former FAA lawyer says sitting on the sidelines even during this unsure regulatory period is probably not a great idea. "I have a hard time believing they don't have some sort of programs in place," attorney Mark Dombroff says.

Regin Malware In EU Attack Linked To US and British Intelligence Agencies

samzenpus posted yesterday | from the guess-who dept.

Security 116

Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

DHS Set To Destroy "Einstein" Surveillance Records

samzenpus posted yesterday | from the nothing-to-see-here dept.

United States 69

schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

Book Review: Bulletproof SSL and TLS

samzenpus posted yesterday | from the read-all-about-it dept.

Books 84

benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.

LinkedIn Study: US Attracting Fewer Educated, Highly Skilled Migrants

samzenpus posted yesterday | from the best-and-brightest dept.

Businesses 308

vinces99 writes The U.S. economy has long been powered in part by the nation's ability to attract the world's most educated and skilled people to its shores. But a new study of the worldwide migration of professionals to the U.S. shows a sharp drop-off in its proportional share of those workers – raising the question of whether the nation will remain competitive in attracting top talent in an increasingly globalized economy. The study, which used a novel method of tracking people through data from the social media site LinkedIn, is believed to be the first to monitor global migrations of professionals to the U.S., said co-author Emilio Zagheni, a University of Washington assistant professor of sociology and fellow of the UW eScience Institute. Among other things, the study, presented recently in Barcelona, Spain, found that just 13 percent of migrating professionals in the sample group chose the U.S. as a destination in 2012, down from 27 percent in 2000.

Nuclear Weapons Create Their Own Security Codes With Radiation

samzenpus posted yesterday | from the missile-protect-thyself dept.

Security 102

Zothecula writes "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering.

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

samzenpus posted 2 days ago | from the protect-ya-neck dept.

Security 139

An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

Profanity-Laced Academic Paper Exposes Scam Journal

Soulskill posted 3 days ago | from the start-building-your-resume dept.

Spam 134

Frosty P writes: A scientific paper titled "Get Me Off Your F****** Mailing List" was actually accepted by the International Journal of Advanced Computer Technology. As reported at Vox and other web sites, the journal, despite its distinguished name, is a predatory open-access journal. These sorts of low-quality journals spam thousands of scientists, offering to publish their work for a fee. In 2005, computer scientists David Mazières and Eddie Kohler created this highly profane ten-page paper as a joke, to send in replying to unwanted conference invitations. It literally just contains that seven-word phrase over and over, along with a nice flow chart and scatter-plot graph. More recently, computer scientist Peter Vamplew sent it to the IJACT in response to spam from the journal, and the paper was automatically accepted with an anonymous reviewer rating it as "excellent," and requested a fee of $150. Over the years, the number of these predatory journals has exploded. Jeffrey Beall, a librarian at the University of Colorado, keeps an up-to-date list of them to help researchers avoid being taken in; it currently has 550 publishers and journals on it."

Ukraine's IT Brigade Supports the Troops

Soulskill posted 3 days ago | from the revenge-of-the-nerds dept.

The Military 140

An anonymous reader sends this story from BusinessWeek: Eight months ago, David Arakhamiya was running a small IT company in the southern Ukrainian city of Mykolayiv. Today, as an adviser to Ukraine’s defense minister, he oversees a massive crowdfunding effort that since March has raised about $300 million from ordinary citizens. The money is being used to equip Ukraine’s army with everything from uniforms, water, and other basic supplies to high-tech gear such as reconnaissance drones. Yaroslav Markevich, another IT entrepreneur with a small company in Kharkiv, once a Soviet hub for aviation technology, presented a plan to the commander of one Ukrainian battalion to create a drone unit after hearing stories about the efficiency of Russian drones. The commander said yes, and by the time his battalion was deployed early this summer, it was the only one in the army equipped with a fleet of short- and long-range drones. ... IT experts across Ukraine have been an important part of the volunteer effort to supply the army with equipment.

Some Early Nexus 6 Units Returned Over Startup Bug

timothy posted 3 days ago | from the radiation-from-the-offworld-colonies dept.

AT&T 39

The Register reports that Motorola has issued a recall for an early batch of its hotly anticipated new Nexus 6 smartphones that were sold through U.S. mobile carrier AT&T, owing to a software glitch that can reportedly causes the devices to boot to a black screen. ... AT&T retail stores have reportedly been told to return their existing inventory of the Nexus 6 and wait for new units to arrive from Motorola, which has already corrected the problem on its assembly line. Any customer who brings a defective unit into an AT&T store will receive a replacement. Motorola's memo to stores says that only initial shipments were affected, and that the problem has been identified. However, as the article mentions, there's thus far less luck for those like me who've found that at least some original Nexus 7 tablets do not play nicely with Lollipop. (The effects look nice, but it's never a good sign to see "System UI isn't responding. Do you want to close it?" on a tablet's screen.)

Critical XSS Flaws Patched In WordPress and Popular Plug-In

timothy posted 3 days ago | from the switch-to-slashcode dept.

Open Source 40

itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.

Another Hint For Kryptos

timothy posted 4 days ago | from the it's-about-where-to-get-local-donuts dept.

Encryption 50

rastos1 writes Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock."

Greenwald Advises Market-Based Solution To Mass Surveillance

samzenpus posted 4 days ago | from the you-get-what-you-demand dept.

United States 156

Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

timothy posted 5 days ago | from the sometimes-the-good-guys-win dept.

Bitcoin 46

An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the projects founder ups and runs away with all of the communities coins; cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)

Does Being First Still Matter In America?

timothy posted 5 days ago | from the by-jingo dept.

Supercomputing 243

dcblogs writes At the supercomputing conference, SC14, this week, a U.S. Dept. of Energy offical said the government has set a goal of 2023 as its delivery date for an exascale system. It may be taking a risky path with that amount of lead time because of increasing international competition. There was a time when the U.S. didn't settle for second place. President John F. Kennedy delivered his famous "we choose to go to the moon" speech in 1962, and seven years later a man walked on the moon. The U.S. exascale goal is nine years away. China, Europe and Japan all have major exascale efforts, and the government has already dropped on supercomputing. The European forecast of Hurricane Sandy in 2012 was so far ahead of U.S. models in predicting the storm's path that the National Oceanic and Atmospheric Administration was called before Congress to explain how it happened. It was told by a U.S. official that NOAA wasn't keeping up in computational capability. It's still not keeping up. Cliff Mass, a professor of meteorology at the University of Washington, wrote on his blog last month that the U.S. is "rapidly falling behind leading weather prediction centers around the world" because it has yet to catch up in computational capability to Europe. That criticism followed the $128 million recent purchase a Cray supercomputer by the U.K.'s Met Office, its meteorological agency.

WhatsApp To Offer End-to-End Encryption

timothy posted 5 days ago | from the trend-worth-extending dept.

Communications 93

L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption data becomes unaccessible to admins of WhatsApp or law enforcement authorities. This new feature first proposed on Android only has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of million users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?

Android Botnet Evolves, Could Pose Threat To Corporate Networks

samzenpus posted 5 days ago | from the protect-ya-neck dept.

Botnet 54

angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.

Slashdot Login

Need an Account?

Forgot your password?