Sony

Sony Pictures Computer Systems Shut Down After Ransomware Hack 145

Posted by Soulskill
from the try-long-enough-and-you-find-a-soft-target dept.
MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.
IT

Big IT Vendors Mostly Mum On Commercial Drone Plans 21

Posted by Soulskill
from the playing-possum dept.
alphadogg writes: Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it's really hard to tell what they think because they're keeping any plans in this field very hush-hush. More consumer oriented companies like Amazon, Facebook, and Google are active, but companies like IBM and HP are quiet, while Microsoft affirms it has nothing doing. A former FAA lawyer says sitting on the sidelines even during this unsure regulatory period is probably not a great idea. "I have a hard time believing they don't have some sort of programs in place," attorney Mark Dombroff says.
Security

Regin Malware In EU Attack Linked To US and British Intelligence Agencies 114

Posted by samzenpus
from the guess-who dept.
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
United States

DHS Set To Destroy "Einstein" Surveillance Records 67

Posted by samzenpus
from the nothing-to-see-here dept.
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.
Books

Book Review: Bulletproof SSL and TLS 84

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Businesses

LinkedIn Study: US Attracting Fewer Educated, Highly Skilled Migrants 308

Posted by samzenpus
from the best-and-brightest dept.
vinces99 writes The U.S. economy has long been powered in part by the nation's ability to attract the world's most educated and skilled people to its shores. But a new study of the worldwide migration of professionals to the U.S. shows a sharp drop-off in its proportional share of those workers – raising the question of whether the nation will remain competitive in attracting top talent in an increasingly globalized economy. The study, which used a novel method of tracking people through data from the social media site LinkedIn, is believed to be the first to monitor global migrations of professionals to the U.S., said co-author Emilio Zagheni, a University of Washington assistant professor of sociology and fellow of the UW eScience Institute. Among other things, the study, presented recently in Barcelona, Spain, found that just 13 percent of migrating professionals in the sample group chose the U.S. as a destination in 2012, down from 27 percent in 2000.
Security

Nuclear Weapons Create Their Own Security Codes With Radiation 101

Posted by samzenpus
from the missile-protect-thyself dept.
Zothecula writes Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering.
Security

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years 139

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.
Spam

Profanity-Laced Academic Paper Exposes Scam Journal 134

Posted by Soulskill
from the start-building-your-resume dept.
Frosty P writes: A scientific paper titled "Get Me Off Your F****** Mailing List" was actually accepted by the International Journal of Advanced Computer Technology. As reported at Vox and other web sites, the journal, despite its distinguished name, is a predatory open-access journal. These sorts of low-quality journals spam thousands of scientists, offering to publish their work for a fee. In 2005, computer scientists David Mazières and Eddie Kohler created this highly profane ten-page paper as a joke, to send in replying to unwanted conference invitations. It literally just contains that seven-word phrase over and over, along with a nice flow chart and scatter-plot graph. More recently, computer scientist Peter Vamplew sent it to the IJACT in response to spam from the journal, and the paper was automatically accepted with an anonymous reviewer rating it as "excellent," and requested a fee of $150. Over the years, the number of these predatory journals has exploded. Jeffrey Beall, a librarian at the University of Colorado, keeps an up-to-date list of them to help researchers avoid being taken in; it currently has 550 publishers and journals on it.
The Military

Ukraine's IT Brigade Supports the Troops 140

Posted by Soulskill
from the revenge-of-the-nerds dept.
An anonymous reader sends this story from BusinessWeek: Eight months ago, David Arakhamiya was running a small IT company in the southern Ukrainian city of Mykolayiv. Today, as an adviser to Ukraine’s defense minister, he oversees a massive crowdfunding effort that since March has raised about $300 million from ordinary citizens. The money is being used to equip Ukraine’s army with everything from uniforms, water, and other basic supplies to high-tech gear such as reconnaissance drones. Yaroslav Markevich, another IT entrepreneur with a small company in Kharkiv, once a Soviet hub for aviation technology, presented a plan to the commander of one Ukrainian battalion to create a drone unit after hearing stories about the efficiency of Russian drones. The commander said yes, and by the time his battalion was deployed early this summer, it was the only one in the army equipped with a fleet of short- and long-range drones. ... IT experts across Ukraine have been an important part of the volunteer effort to supply the army with equipment.
AT&T

Some Early Nexus 6 Units Returned Over Startup Bug 39

Posted by timothy
from the radiation-from-the-offworld-colonies dept.
The Register reports that Motorola has issued a recall for an early batch of its hotly anticipated new Nexus 6 smartphones that were sold through U.S. mobile carrier AT&T, owing to a software glitch that can reportedly cause the devices to boot to a black screen. ... AT&T retail stores have reportedly been told to return their existing inventory of the Nexus 6 and wait for new units to arrive from Motorola, which has already corrected the problem on its assembly line. Any customer who brings a defective unit into an AT&T store will receive a replacement. Motorola's memo to stores says that only initial shipments were affected, and that the problem has been identified. However, as the article mentions, there's thus far less luck for those like me who've found that at least some original Nexus 7 tablets do not play nicely with Lollipop. (The effects look nice, but it's never a good sign to see "System UI isn't responding. Do you want to close it?" on a tablet's screen.)
Open Source

Critical XSS Flaws Patched In WordPress and Popular Plug-In 40

Posted by timothy
from the switch-to-slashcode dept.
itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.
Encryption

Another Hint For Kryptos 50

Posted by timothy
from the it's-about-where-to-get-local-donuts dept.
rastos1 writes Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley, revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock."
United States

Greenwald Advises Market-Based Solution To Mass Surveillance 156

Posted by samzenpus
from the you-get-what-you-demand dept.
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress, Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Bitcoin

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins 46

Posted by timothy
from the sometimes-the-good-guys-win dept.
An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)
Supercomputing

Does Being First Still Matter In America? 243

Posted by timothy
from the by-jingo dept.
dcblogs writes At the supercomputing conference, SC14, this week, a U.S. Dept. of Energy official said the government has set a goal of 2023 as its delivery date for an exascale system. It may be taking a risky path with that amount of lead time because of increasing international competition. There was a time when the U.S. didn't settle for second place. President John F. Kennedy delivered his famous "we choose to go to the moon" speech in 1962, and seven years later a man walked on the moon. The U.S. exascale goal is nine years away. China, Europe and Japan all have major exascale efforts, and the government has already dropped on supercomputing. The European forecast of Hurricane Sandy in 2012 was so far ahead of U.S. models in predicting the storm's path that the National Oceanic and Atmospheric Administration was called before Congress to explain how it happened. It was told by a U.S. official that NOAA wasn't keeping up in computational capability. It's still not keeping up. Cliff Mass, a professor of meteorology at the University of Washington, wrote on his blog last month that the U.S. is "rapidly falling behind leading weather prediction centers around the world" because it has yet to catch up in computational capability to Europe. That criticism followed the recent $128 million purchase of a Cray supercomputer by the U.K.'s Met Office, its meteorological agency.
Communications

WhatsApp To Offer End-to-End Encryption 93

Posted by timothy
from the trend-worth-extending dept.
L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption, data becomes inaccessible to admins of WhatsApp or law enforcement authorities. This new feature, first proposed on Android only, has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of millions of users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?
Botnet

Android Botnet Evolves, Could Pose Threat To Corporate Networks 54

Posted by samzenpus
from the protect-ya-neck dept.
angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.
Businesses

Is a Moral Compass a Hindrance Or a Help For Startups? 197

Posted by samzenpus
from the playing-dirty dept.
Nerval's Lobster writes As an emerging company in a hotly contested space, Uber already had a reputation for playing hardball with competitors, even before reports leaked of one of its executives threatening to dig into the private lives of journalists. Faced with a vicious competitive landscape, Uber executives probably feel they have little choice but to plunge into multi-front battle. As the saying goes, when you're a hammer, everything looks like a nail; and when you're a startup that thinks it's besieged from all sides by entities that seem determined to shut you down, sometimes your executives feel the need to take any measure in order to keep things going, even if those measures are ethically questionable. As more than one analyst has pointed out, Uber isn't the first company in America to triumph through a combination of grit and ethically questionable tactics; but it's also not the first to implode thanks to the latter. Is a moral compass (or at least the appearance of one) a hindrance or a help for startups?
The Internet

Head of FCC Proposes Increasing Internet School Fund 106

Posted by Soulskill
from the dollars-for-bits dept.
Rambo Tribble writes: The commissioners at the FCC are expected to vote, on December 11, on a proposal by Chairman Tom Wheeler to increase the funding for the nation's largest educational technology subsidy program, E-Rate, by 62 percent. The proposal is intended to be paid for by higher fees on phone service. The increased cost is pegged at $1.92 a year, per telephone line. Support for the proposal, or lack thereof, appears to be falling along partisan lines. To quote Wheeler, however, "Almost two-thirds of American schools cannot appropriately connect their students to the 21st century."