First time accepted submitter River Tam writes Cybercriminals behind the TorrenLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections worldwide, of which over 9,000 were from Australia. If you're a Windows user in Australia who's had their files encrypted by hackers after visiting a bogus Australia Post website, chances are you were infected by TorrentLocker and may have contributed to the tens of thousands of dollars likely to have come from Australia due to this digital shakedown racket.
25 comments | 2 hours ago
mrspoonsi writes The proposal was made by the Google developers working on the search firm's Chrome browser. The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser. If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security". Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.
124 comments | 4 hours ago
tobiasly writes The country's top five theater chains — Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment — have decided not to play Sony's The Interview. This comes after the group which carried off a massive breach of its networks threatened to carry out "9/11-style attacks" on theaters that showed the film. Update: Sony has announced that it has cancelled the planned December 25 theatrical release.
337 comments | 7 hours ago
Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users' consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor's control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user's permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad."
63 comments | 9 hours ago
An anonymous reader sends this quote from TechDirt:
As a string of whistle blowers like former AT&T employee Mark Klein have made abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.
Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.
157 comments | yesterday
Lemeowski writes: Cloud, big data, and agile were three of the technology terms that were brandished the most by IT leaders in 2014. Yet, there could be a real danger in buying into the hype without understanding the implications of the technologies, writes Pearson CTO Sven Gerjets. In this essay, Gerjets warns that many IT executives drop the ball when it comes to "defining how a new technology approach will add value" to their organization. He says: "Yes, you can dive into an IT fad without thinking about it, but I can promise you'll look back and be horrified someday. The only time you can fully adopt some of these new methods is when you are starting from scratch. Most of us don't have that luxury because we are working with legacy architectures and technical debt so you have to play the hand you've been dealt, communicate well, set clear and measurable outcomes, and use these fads to thoughtfully supplement the environment you are working in to benefit the ecosystem."
151 comments | yesterday
jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.
272 comments | 2 days ago
Forbes contributor Jason Evangelho has nothing good to say about a recent Windows 7 patch that's causing a range of trouble for some users. He writes: If you have Windows 7 set to automatically update every Tuesday, it may be to permanently disable that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it. The first issue that caught my attention, via AMD’s Robert Hallock, is that KB 3004394 blocks the installation or update of graphics drivers such as AMD’s new Catalyst Omega. Nvidia users are also reporting difficulty installing GeForce drivers, though I can’t confirm this personally as my machines are all Windows 8.1. Hallock recommended manually uninstalling the update, advice now echoed officially by Microsoft. More troubles are detailed in the article; on the upside, Microsoft has released a fix.
228 comments | 3 days ago
New submitter Admiral Jimbob McGif writes Even as a massive firestorm burns uncontrollably threatening to scorch the very foundations of the internet with AT&T indefinitely halting future GigaPower FTTH due to uncertainty over the future of net neutrality and the Obama administration proposing to regulate the internet under Title 2, highly suggestive jobs were recently to Google Careers.
These Google Fiber related positions include: "City Manager", "Community Impact Manager" and "Plant Manager" in all potential Google Fiber cities. Perplexing inconsistencies abound, such as Portland, Phoenix, San Jose and Atlanta positions being listed as local. Whereas San Antonio, Raleigh, Charlotte, and Nashville are listed as telecommute positions.
One is inclined to speculate as to what these job postings mean despite Google's disclaimer: "Not all cities where we're exploring hiring a team will necessarily become Google Fiber cities." Would Google post jobs as an act of posturing much like AT&T's supposed "Gigabit smoke screen" bluff? Or, should we expect to see these so called Fiber Huts springing up like so many mushrooms after a heavy rain in an additional 9 metro areas?
At the rate Google is going, is it too soon to speculate over Fiber Dojos popping up in Japan?
38 comments | 3 days ago
MojoKid writes Seagate's just announced a new 'Archive' HDD series, one that offers capacities of 5TB, 6TB, and 8TB. That's right, 8 Terabytes of storage on a single drive and for only $260 at that. Back in 2007, Seagate was one of the first to release a hard drive based on perpendicular magnetic recording, a technology that was required to help us break past the roadblock of achieving more than 250GB per platter. Since then, PMR has evolved to allow the release of drives as large as 10TB, but to go beyond that, something new was needed. That "something new" is shingled magnetic recording. As its name suggests, SMR aligns drive tracks in a shingled pattern, much like shingles on a roof. With this design, Seagate is able to cram much more storage into the same physical area. It should be noted that Seagate isn't the first out the door with an 8TB model, however, as HGST released one earlier this year. In lieu of a design like SMR, HGST decided to go the helium route, allowing it to pack more platters into a drive.
219 comments | 4 days ago
An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community seems unhappy with the agreement, and is choosing not to implement it, just to avoid the RPA, leaving the Internet as a whole less secure.
57 comments | 5 days ago
colinneagle writes: Who's old enough to remember when the best technology was found at work, while at home we got by with clunky home computers and pokey dial-up modems? Those days are gone, and they don't look like they're ever coming back.
Instead, today's IT department is scrambling to deliver technology offerings that won't get laughed at — or, just as bad, ignored — by a modern workforce raised on slick smartphones and consumer services powered by data centers far more powerful than the one their company uses. And those services work better and faster than the programs they offer, partly because consumers don't have to worry about all the constraints that IT does, from security and privacy to, you know, actually being profitable. Plus, while IT still has to maintain all the old desktop apps, it also needs to make sure mobile users can do whatever they need to from anywhere at any time.
And that's just the users. IT's issues with corporate peers and leaders may be even rockier. Between shadow IT and other Software-as-a-Service, estimates say that 1 in 5 technology operations dollars are now being spent outside the IT department, and many think that figure is actually much higher. New digital initiatives are increasingly being driven by marketing and other business functions, not by IT. Today's CMOs often outrank the CIO, whose role may be constrained to keeping the infrastructure running at the lowest possible cost instead of bringing strategic value to the organization. Hardly a recipe for success and influence.
238 comments | 5 days ago
Rambo Tribble writes: Reuters reports that flights from Heathrow, Gatwick, and many other airports have been shut down "due to a computer failure." The information comes from European air traffic control body Eurocontrol. No official word as yet as to the nature of the failure. "One source told the BBC the problem was caused by a computer glitch that co-ordinates the flights coming into London and puts the flights in sequence as they come into land or take off. He described it as a 'flight planning tool problem.'" Incoming flights are still being accommodated.
68 comments | 5 days ago
msm1267 writes A researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that put email message content, contact information and much more at risk. The researcher said the weakness is relatively simple to exploit and puts users at high risk for data loss, identity theft, and more. Yahoo has patched one issue related to a specific .swf file hosted on Yahoo's content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin. While the patch fixed this specific issue, the larger overall configuration issue remains, meaning that other vulnerable .swf files hosted outside the Yahoo CDN and on another Yahoo subdomain could be manipulated the same way.
49 comments | 5 days ago
HughPickens.com writes Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
185 comments | about a week ago
First time accepted submitter Amanda Parker writes In July the US warned of a terrorism risk which led countries, such as France and the UK, to step up their security screening for flights to the US. Secretary of Homeland Security Jeh Johnson directed the TSA to implement enhanced security measures. In his statement on 6 July, Johnson warned that passengers could also be asked to "power up some devices, including cell phones" and stated that "powerless devices will not be permitted on board the aircraft". In light of the US Transportation Security Administration's (TSA) recent tightening of airport security to include stricter screening of electronic devices, is the TSA right to be cautious or have its actions caused unnecessary hassle for passengers?
184 comments | about a week ago
cold fjord writes: The Weekly Standard reports, "This week, the Department of Health and Human Services (HHS) announced the release of the Federal Health IT Strategic Plan 2015-2020, which details the efforts of some 35 departments and agencies of the federal government and their roles in the plan to 'advance the collection, sharing, and use of electronic health information to improve health care, individual and community health, and research.' ... Now that HHS has publicly released the Federal Health IT Strategic Plan, the agency is seeking the input from the public before implementation. The plan is subject to two-month period of public comment before finalization. The comment period runs through February 6, 2015." Among the many agencies that will be sharing records besides Health and Human Services are: Department of Agriculture, Department of Defense, Department of Education, Department of Justice and Bureau of Prison, Department of Labor, Federal Communications Commission, Federal Trade Commission, National Aeronautics and Space Administration, Office of Personnel Management, National Institute of Standards and Technology.
209 comments | about a week ago
Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.
80 comments | about a week ago
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.
170 comments | about a week ago
SmartAboutThings writes Since the first version of Windows, Microsoft has offered the operating system on an initial fee purchase. But under new management, it seems that this strategy could shift into new monetization methods, a subscription-based model being the most probable one. At the recent Credit Suisse Technology Conference from last week, Chief Operating Officer Kevin Turner was speaking (transcript in Microsoft Word format) to investors about the fact that Microsoft is interested in exploring new monetization methods for its Windows line of products. The company might adopt a new pricing model for the upcoming operating system, as it looks to shift away from the one-time initial purchase to an ongoing-revenue basis.
415 comments | about a week ago