Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

  • Wired Profiles John Brooks, the Programmer Behind Ricochet

    wabrandsma writes with this excerpt from Wired: John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the "to" and "from" headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he'd made Ricochet's code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

    Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists's sources and others.

    43 comments | 9 hours ago

  • Secret Service Critics Pounce After White House Breach

    HughPickens.com writes On Friday evening, a man jumped the White House fence, sprinted across the North Lawn toward the residence, and was eventually tackled by agents, but not before he managed to actually enter the building. Now CBS reports that the security breach at the White House is prompting a new round of criticism for the Secret Service, with lawmakers and outside voices saying the incident highlights glaring deficiencies in the agency's protection of the president and the first family. "Because of corner-cutting and an ingrained cultural attitude by management of 'we make do with less,' the Secret Service is not protecting the White House with adequate agents and uniformed officers and is not keeping up to date with the latest devices for detecting intruders and weapons of mass destruction," says Ronald Kessler. "The fact that the Secret Service does not even provide a lock for the front door of the White House demonstrates its arrogance." But the Secret Service must also consider the consequences of overreaction says White House correspondent Major Garrett. "If you have a jumper and he is unarmed and has no bags or backpacks or briefcase, do you unleash a dog and risk having cell phone video shot from Pennsylvania Avenue of an unarmed, mentally ill person being bitten or menaced by an attack dog?" But Kessler says Julia Pierson, the first woman to head the Secret Service, has some explaining to do. "If the intruder were carrying chemical, biological or radiological weapons and President Obama and his family had been in, we would have had a dead president as well as a dead first family."

    176 comments | 13 hours ago

  • Emails Cast Unflattering Light On Internal Politics of Healthcare.gov Rollout

    An anonymous reader writes with this report from The Verge linking to and excerpting from a newly released report created for a committee in the U.S. House of Representatives, including portions of eight "damning emails" that offer an unflattering look at the rollout of the Obamacare website. The Government Office of Accountability released a report earlier this week detailing the security flaws in the site, but a report from the House Committee on Oversight and Government Reform released yesterday is even more damning. Titled, "Behind the Curtain of the HealthCare.gov Rollout," the report fingers the Centers for Medicare and Medicaid Services, which oversaw the development of the site, and its parent Department of Health and Human Services. "Officials at CMS and HHS refused to admit to the public that the website was not on track to launch without significant functionality problems and substantial security risks," the report says. "There is also evidence that the Administration, to this day, is continuing its efforts to shield ongoing problems with the website from public view." Writes the submitter: "The evidence includes emails that show Obamacare officials more interested in keeping their problems from leaking to the press than working to fix them. This is both both a coverup and incompetence."

    344 comments | yesterday

  • Data Archiving Standards Need To Be Future-Proofed

    storagedude writes Imagine in the not-too-distant future, your entire genome is on archival storage and accessed by your doctors for critical medical decisions. You'd want that data to be safe from hackers and data corruption, wouldn't you? Oh, and it would need to be error-free and accessible for about a hundred years too. The problem is, we currently don't have the data integrity, security and format migration standards to ensure that, according to Henry Newman at Enterprise Storage Forum. Newman calls for standards groups to add new features like collision-proof hash to archive interfaces and software.

    'It will not be long until your genome is tracked from birth to death. I am sure we do not want to have genome objects hacked or changed via silent corruption, yet this data will need to be kept maybe a hundred or more years through a huge number of technology changes. The big problem with archiving data today is not really the media, though that too is a problem. The big problem is the software that is needed and the standards that do not yet exist to manage and control long-term data,' writes Newman.

    110 comments | 2 days ago

  • Microsoft Kills Off Its Trustworthy Computing Group

    An anonymous reader writes Microsoft's Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company's Cloud & Enterprise Division or its Legal & Corporate Affairs group. Microsoft's disbanding of the group represents a punctuation mark in the industry's decades-long conversation around trusted computing as a concept. The security center of gravity is moving away from enterprise desktops to cloud and mobile and 'things,' so it makes sense for this security leadership role to shift as well. According to a company spokesman, an unspecified number of jobs from the group will be cut. Also today, Microsoft has announced the closure of its Silicon Valley lab. Its research labs in Redmond, New York, and Cambridge (in Massachusetts) will pick up some of the closed lab's operations.

    98 comments | 2 days ago

  • Google's Doubleclick Ad Servers Exposed Millions of Computers To Malware

    wabrandsma (2551008) writes with this excerpt from The Verge: Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down."

    218 comments | 2 days ago

  • Dropbox and Google Want To Make Open Source Security Tools Easy To Use

    An anonymous reader writes: Dropbox, Google, and the Open Technology Fund have announced a new organization focused on making open source security tools easier to use. Called Simply Secure, the initiative brings together security researchers with experts in user interaction and design to boost adoption rates for consumer-facing security solutions. The companies point out that various security options already do exist, and are technically effective. Features like two-factor authentication remain useless, however, because users don't adopt them due to inconvenience or technical difficulty.

    24 comments | 2 days ago

  • Putin To Discuss Plans For Disconnecting Russia From the Internet

    New submitter GlowingCat writes: Russian President Vladimir Putin and several high-ranking officials will discuss the security of the Russian segment of the Internet at the meeting of the Russian Security Council next week. According to various reports, the officials will make a number of decisions about regulating the use of the Internet in Russia. This includes the ability to cut off the Russian Internet, known as Runet, from the outside world, in case of emergency.

    238 comments | 2 days ago

  • TrueCrypt Gets a New Life, New Name

    storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

    245 comments | 2 days ago

  • Native Netflix Support Is Coming To Linux

    sfcrazy writes: Native support for Netflix is coming to Linux, thanks to their move from Silverlight to HTML5, Mozilla and Google Chrome. Paul Adolph from Netflix proposed a solution to Ubuntu developers: "Netflix will play with Chrome stable in 14.02 if NSS version 3.16.2 or greater is installed. If this version is generally installed across 14.02, Netflix would be able to make a change so users would no longer have to hack their User-Agent to play." The newer version of NSS is set to go out with the next security update.

    173 comments | 2 days ago

  • Home Depot Says Breach Affected 56 Million Cards

    wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.

    77 comments | 2 days ago

  • The Myths and Realities of Synthetic Bioweapons

    Lasrick writes Three researchers from King's College, London, walk through the security threats posed by synthetic and do-it-yourself biology, assessing whether changes in technology and associated costs make it any easier for would-be terrorists to pursue biological weapons for high-consequence, mass- casualty attacks (and even whether they would want to). "Those who have overemphasized the bioterrorism threat typically portray it as an imminent concern, with emphasis placed on high-consequence, mass-casualty attacks, performed with weapons of mass destruction (WMD). This is a myth with two dimensions."

    36 comments | 2 days ago

  • Next Android To Enable Local Encryption By Default Too, Says Google

    An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.

    126 comments | 3 days ago

  • US Military Aware Only Belatedly of Chinese Attacks Against Transport Contractor

    itwbennett writes The Senate Armed Service Committee released on Wednesday an unclassified version of a report (PDF) commissioned last year to investigate cyberattacks against contractors for the U.S. Transportation Command (TRANSCOM). The report alleges that the Chinese military successfully stole emails, documents, login credentials and more from contractors, but few of those incidents were ever reported to TRANSCOM. During a one-year period starting in June 2012, TRANSCOM contractors endured more than 50 intrusions, 20 of which were successful in planting malware. TRANSCOM learned of only two of the incidents. The FBI, however, was aware of 10 of the attacks.

    13 comments | 3 days ago

  • Australian Police Arrest 15, Charge 2, For Alleged Islamic State Beheading Plot

    The Washington Post reports (building on a short AP report they're also carrying) that "[Australian] police have arrested 15 people allegedly linked to the Islamic State, some who plotted a public beheading." According to the Sydney Morning Herald, of the arrestees, only two have been charged. From the Washington Post story: “Police said the planned attack was to be “random.” The killers were to behead a victim and then drape the body in the black Islamic State flag, according to the Sydney Morning Herald. ... Direct exhortations were coming from an Australian who is apparently quite senior in [the Islamic State] to networks of support back in Australia to conduct demonstration killings here in this country,” Australian Prime Minister Tony Abbott said at a press conference, as the BBC reported. “So this is not just suspicion, this is intent and that’s why the police and security agencies decided to act in the way they have.”

    165 comments | 3 days ago

  • Tinba Trojan Targets Major US Banks

    An anonymous reader writes Tinba, the tiny (20 KB) banking malware with man-in-the-browser and network traffic sniffing capabilities, is back. After initially being made to target users of a small number of banks, that list has been amplified and now includes 26 financial institutions mostly in the US and Canada, but some in Australia and Europe as well. Tinba has been modified over the years, in an attempt to bypass new security protections set up by banks, and its source code has been leaked on underground forums a few months ago. In this new campaign, the Trojan gets delivered to users via the Rig exploit kit, which uses Flash and Silverlight exploits. The victims get saddled with the malware when they unknowingly visit a website hosting the exploit kit."

    61 comments | 4 days ago

  • eBay Redirect Attack Puts Buyers' Credentials At Risk

    mrspoonsi points out this BBC story about an eBay breach that was directing users to a spoof site. "eBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace's welcome page. The firm was alerted to the hack on Wednesday night but removed the listings only after a follow-up call from the BBC more than 12 hours later. One security expert said he was surprised by the length of time taken. 'EBay is a large company and it should have a 24/7 response team to deal with this — and this case is unambiguously bad,' said Dr Steven Murdoch from University College London's Information Security Research Group. The security researcher was able to analyze the listing involved before eBay removed it. He said that the technique used was known as a cross-site scripting (XSS) attack."

    37 comments | 4 days ago

  • NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations

    Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.

    103 comments | 5 days ago

  • Why Is It Taking So Long To Secure Internet Routing?

    CowboyRobot writes: We live in an imperfect world where routing-security incidents can still slip past deployed security defenses, and no single routing-security solution can prevent every attacks. Research suggests, however, that the combination of RPKI (Resource Public Key Infrastructure) with prefix filtering could significantly improve routing security; both solutions are based on whitelisting techniques and can reduce the number of autonomous systems that are impacted by prefix hijacks, route leaks, and path-shortening attacks. "People have been aware of BGP’s security issues for almost two decades and have proposed a number of solutions, most of which apply simple and well-understood cryptography or whitelisting techniques. Yet, many of these solutions remain undeployed (or incompletely deployed) in the global Internet, and the vulnerabilities persist. Why is it taking so long to secure BGP?"

    85 comments | 5 days ago

  • FBI Completes New Face Recognition System

    Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizen's faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will logs all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

    Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security — it can act as authentication and to make sure the driver is paying attention to the road.

    129 comments | 5 days ago

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>