Security and privacy concerns associated with smart meters are why they are currently "optional" in several countries. That's the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that "smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life."
An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data cannot leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are at the link.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.
daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.
tranquilidad writes: As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."
wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.
He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."
New submitter hejman08 writes with a question probably faced by many whose parents, grandparents, and other relatives rely on them for tech support and advice, specifically one about finding an appropriate data plan for his grandmother, of whom he writes: She is on her own plan through Verizon with 1GB of data, and she literally blows through it in three days or less every month, then complains about having nothing to do. They have Wi-Fi at her senior center, but only in specific rooms, and she has bad ankles and knees so she wants to stay home. Internet service would cost 80 a month to add where she lives. What I am wondering, is if any of the genius slashdotters out there know of a plan that- regardless of cost of phone, which we could manage as a gift to her, once- would allow her to have at least 300 minutes, 250 texts, and truly unlimited data (as in none of that Unlimited* stuff that is out there where they drop you to caveman speeds within a gig of usage), all for the price of less than say, 65 a month? The big 4 carriers don't seem to have anything that would work for her. What would you recommend? (I might start with a signal repeater in a utility closet, myself, or some clandestine CAT5 from a friendly neighbor's place.)
colinneagle writes This Friday is Halloween, but if you try to buy a PC with Windows 7 pre-loaded after that, you're going to get a rock instead of a treat. Microsoft will stop selling Windows 7 licenses to OEMs after this Friday and you will only be able to buy a machine with Windows 8.1. The good news is that business/enterprise customers will still be able to order PCs 'downgraded' to Windows 7 Professional. Microsoft has not set an end date for when it will cut off Windows 7 Professional to OEMs, but it will likely be a while. This all fits in with typical Microsoft timing. Microsoft usually pulls OEM supply of an OS a year after it removes it from retail. Microsoft cut off the retail supply of Windows 7 in October of last year, although some retailers still have some remaining stock left. If the analytics from Steam are any indicator, Windows 8 is slowly working its way into the American public, but mostly as a Windows XP replacement. Windows 7, both 32-bit and 64-bit, account for 59% of their user base. Windows 8 and 8.1 account for 28%, while XP has dwindled to 4%.
MojoKid writes: Dell's Alienware division recently released a radical redesign of their Area-51 gaming desktop. With 45-degree angled front and rear face plates that are designed to direct control and IO up toward the user, in addition to better directing cool airflow in, while warm airflow is directed up and away from the rear of the chassis, this triangular-shaped machine grabs your attention right away. In testing and benchmarks, the Area-51's new design enables top-end performance with thermal and acoustic profiles that are fairly impressive versus most high-end gaming PC systems. The chassis design is also pretty clean, modular and easily serviceable. Base system pricing isn't too bad, starting at $1699 with the ability to dial things way up to an 8-core Haswell-E chip and triple GPU graphics from NVIDIA and AMD. The test system reviewed at HotHardware was powered by a six-core Core i7-5930K chip and three GeForce GTX 980 cards in SLI. As expected, it ripped through the benchmarks, though the price as configured and tested is significantly higher.
walterbyrd (182728) sends this article about systemd from Paul Venezia, who writes:
In discussions around the Web in the past few months, I've seen an overwhelming level of support of systemd from Linux users who run Linux on their laptops and maybe a VPS or home server. I've also seen a large backlash against systemd from Linux system administrators who are responsible for dozens, hundreds, or thousands of Linux servers, physical and virtual. ... The release of RHEL 7 has brought the reality of systemd to a significant number of admins whose mantra is stability over all else and who perhaps had not waded into the choppier waters of Fedora or Debian unstable to work with systemd before it arrived in RHEL.
RockDoctor writes: The BBC reports that Britain's car thieves, rapidly followed by Britain's car insurance companies, have been expressing their opinions on the security of keyless car entry and/or control systems. The thieves are happy to steal them (often using equipment intended for dealer maintenance of the vehicles) and in consequence the insurance companies are refusing to insure such vehicles (or to accept new policies on such vehicles) unless they are parked overnight in underground (or otherwise secured) car parks. I guess I won't be considering buying one of those for another generation. If ever.
An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.
benrothke writes: It's hard to go a day without some sort of data about information security and risk. Research from firms like Gartner is accepted without question, even though they can get their results from untrusted and unvetted sources. The current panic around Ebola shows how people are ill-informed about risk. While stressing over Ebola, the media is oblivious to true public health threats like obesity, heart disease, drunk driving, diabetes, and the like. When it comes to information security, it's not that much better. With myriad statistics, surveys, data breach reports, and global analyses of the costs of data breaches, there is an overabundance of data, and an underabundance of meaningful data. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have written a magnificent book that will change the way (for the better) you think about and deal with IT risk. Keep reading for the rest of Ben's review.
schwit1 writes: A Dutch company has introduced a detection system that can alert you if a police officer or other emergency services official is using a two-way radio nearby. Blu Eye monitors frequencies used by the encrypted TETRA communications networks used by government agencies in Europe. It doesn't allow the user to listen in to transmissions, but can detect a radio in operation up to one kilometer away. Even if a message isn't being sent, these radios send pulses out to the network every four seconds and Blu Eye can also pick these up, according to The Sunday Times. A dashboard-mounted monitor uses lights and sounds to alert the driver to the proximity of the source, similar to a radar detector interface.