Security

Heartbleed To Blame For Community Health Systems Breach 69

Posted by Soulskill
from the bet-you-wish-you'd-patched dept.
An anonymous reader writes: The Heartbleed vulnerability is the cause of the data breach at Community Health Systems, which resulted in 4.5 million records (containing patient data) being compromised. According to a blog post from TrustedSec, the attackers targeted a vulnerable Juniper router and obtained credentials, which allowed them access to the network's VPN.
China

Why Chinese Hackers Would Want US Hospital Patient Data 164

Posted by timothy
from the makes-great-gift-wrapping-too dept.
itwbennett (1594911) writes In a follow-up to yesterday's story about the Chinese hackers who stole hospital data of 4.5 million patients, IDG News Service's Martyn Williams set out to learn why the data, which didn't include credit card information, was so valuable. The answer is depressingly simple: people without health insurance can potentially get treatment by using medical data of one of the hacking victims. John Halamka, chief information officer of the Beth Israel Deaconess Medical Center and chairman of the New England Healthcare Exchange Network, said a medical record can be worth between $50 and $250 to the right customer — many times more than the amount typically paid for a credit card number, or the cents paid for a user name and password. "If I am one of the 50 million Americans who are uninsured ... and I need a million-dollar heart transplant, for $250 I can get a complete medical record including insurance company details," he said.
Censorship

Knocking Down the Great Firewall of China 161

Posted by Soulskill
from the crumbling-from-a-million-tiny-cracks dept.
New submitter Nocturrne writes: The FOSS project Lantern is having great success in unblocking the internet for many users in oppressive regimes, like China and Iran. Much like Tor and BitTorrent, Lantern is using peer-to-peer networking to overcome firewalls, but with the additional security of a trusted network of friends. "If you download Lantern in an uncensored region, you can connect with someone in a censored region, who can then access whatever content they want through you. What makes the system so unique is that it operates on the basis of trust. ... Through a process called consistent routing, the amount of information any single Lantern user can learn about other users is limited to a small subset, making infiltration significantly more difficult." The network of peers is growing, but we need more friends in uncensored countries to join us.
Government

Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool 58

Posted by timothy
from the small-island-nation-with-a-lot-of-curiosity dept.
Advocatus Diaboli writes with this excerpt from Heise: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail. Also from the article: The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration) (Figure 4). Given that in the meantime, port scanning tools like Zmap have been developed which allow anyone to do comprehensive scans, it is not the technology used that is shocking, but rather the gargantuan scale and pervasiveness of the operation.
Networking

Groundwork Laid For Superfast Broadband Over Copper 93

Posted by Soulskill
from the now-your-plumbing-can-double-as-ethernet-wiring dept.
itwbennett writes: Telecom equipment vendor Adtran has developed a technology that will make it easier for operators to roll out broadband speeds close to 500Mbps over copper lines. Adtran's FDV (Frequency Division Vectoring) enhances the capabilities of two technologies — VDSL2 with vectoring and G.fast — by enabling them to better coexist over a single subscriber line, the company said. VDSL2 with vectoring, which improves speeds by reducing noise and can deliver up to 150Mbps, is currently being rolled out by operators, while G.fast, which is capable of 500Mbps, is still under development, with the first deployments coming in mid-2015. FDV will make it easier for operators to roll out G.fast once it's ready and expand where it can be used, according to Adtran. Meanwhile, Ars Technica has an article about how Verizon is letting its copper network rot in order to passively encourage customers to switch to fiber.
Security

Supervalu Becomes Another Hacking Victim 27

Posted by Soulskill
from the another-day-another-breach dept.
plover sends this news about another possible exposure of customer data: Supervalu is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores. The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company. The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.
Security

Watch a Cat Video, Get Hacked: the Death of Clear-Text 166

Posted by Soulskill
from the internet-doomed dept.
New submitter onproton writes: Citizen Lab released new research today on a targeted exploitation technique used by state actors involving "network injection appliances" installed at ISPs. These devices can target and intercept unencrypted YouTube traffic and replace it with malicious code that gives the operator control over the system or installs a surveillance backdoor. One of the researchers writes, "many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true." This technique is largely designed for targeted attacks, so it's likely most of us will be safe for now — but just one more reminder to use https.
The Internet

DARPA Contemplates Vast Ocean Network 12

Posted by samzenpus
from the under-the-sea dept.
coondoggie writes Probably one of the last and perhaps unforgiving areas of the world not truly "wired" is above and below the ocean. Researchers at the Defense Advanced Research Projects Agency (DARPA) want to explore the possibility of seriously changing that notion and develop what it calls "a system-of-systems architecture and critical components to support networked maritime operations, to include undersea, surface, and above surface domains."
Shark

Kevlar Protects Cables From Sharks, Experts Look For Protection From Shark Week 103

Posted by samzenpus
from the just-when-you-thought-it-was-safe-to-turn-on-the-TV dept.
Brandon Butler writes As an ode to Shark Week: Sharks have been known to show an appetite for fiber cables underwater, and last week a Google official said to prevent sharks from wreaking havoc on the company's trans-Pacific fiber lines, it wraps them in Kevlar. It's believed that the emission of electrical currents from the fiber piping is mistaken by sharks occasionally as prey. In related news, a growing number of scientists are becoming disgruntled with the Discovery network's sensationalist programs. Many shark experts are refusing to work with the channel after such programs as their Megalodon "documentary" and their latest Shark of Darkness (not to mention the mermaid special, which was sadly missing a singing crab.)

Sockatume writes The Verge has an article on Discovery's hugely successful Shark Week, discussing how the increasingly sensationalist special event misrepresents science and exploits nature and local history for shock value. Scientists who appeared in and were misrepresented by the channel's programming are beginning to encourage their peers to stay away from the Discovery network, which stands by the programming's viewing figures.
Networking

T-Mobile To Throttle Customers Who Use Unlimited LTE Data For Torrents/P2P 147

Posted by Soulskill
from the who-torrents-over-mobile-anyway dept.
New submitter User0x45 writes: Here's a nicely transparent announcement: "T-mobile has identified customers who are heavy data users and are engaged in peer-to-peer file sharing, and tethering outside of T-Mobile’s Terms and Conditions (T&C). This results in a negative data network experience for T-Mobile customers. Beginning August 17, T-Mobile will begin to address customers who are conducting activities outside of T-Mobile’s T&Cs." Obviously, it's not a good announcement for people with unlimited plans, but at least it's clear. T-mobile also pulled the backwards anti-net neutrality thing by happily announcing 'Free Streaming' from select music providers... which is, in effect, making non-select usage fee-based.
The Military

Snowden: NSA Working On Autonomous Cyberwarfare Bot 194

Posted by Unknown Lamer
from the bad-movie-plot dept.
WIRED published a long piece on Edward Snowden today (worth a read on its own), and simultaneously broke news of "MonsterMind," an NSA program to monitor all network traffic and detect attacks, responding with a counterattack automatically. From the article: Although details of the program are scant, Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat. More than this, though, Snowden suggests MonsterMind could one day be designed to return fire — automatically, without human intervention... Snowden raised two issues with the program: the source of an attack could be spoofed to trick the U.S. into attacking an innocent third party, and the violation of the fourth amendment since the NSA would effectively need to monitor all domestic network traffic for the program to work. Also in Bamford's interview are allegations that the NSA knocked Syria offline in 2012 after an attempt to install intercept software on an edge router ended with the router being bricked.
Media

Xbox One Will Play Media from USB Devices, DLNA Servers 112

Posted by Soulskill
from the revolution-will-not-be-streamed dept.
New submitter Mauro sends word that Microsoft has announced upcoming Xbox One support for streaming media both from attached USB devices, such as flash drives, and DLNA media servers. Compatibility with a broad list of media formats will be added by the end of the year, including .MKV files. They also followed up last week's announcement of a digital TV tuner with an interesting twist: it will be able to stream broadcasts over a local network to devices running the Smartglass app, which is available on Windows, Android, and iOS.
Bitcoin

Network Hijacker Steals $83,000 In Bitcoin 101

Posted by Unknown Lamer
from the rerouting-the-internet-for-fun-and-profit dept.
An anonymous reader writes with news that bogus BGP announcements can be used to hijack work done by cryptocurrency mining pools. Quoting El Reg: Researchers at Dell's SecureWorks Counter Threat Unit (CTU) have identified an exploit that can be used to steal cryptocurrency from mining pools — and they claim that at least one unknown miscreant has already used the technique to pilfer tens of thousands of dollars in digital cash. The heist was achieved by using bogus Border Gateway Protocol (BGP) broadcasts to hijack networks belonging to multiple large hosting companies, including Amazon, Digital Ocean, and OVH, among others. After sending the fake BGP updates, miners unknowingly contributed work to the attackers' pools.
Businesses

Facebook Acquires Server-Focused Security Startup 18

Posted by samzenpus
from the answering-the-acquisition-request dept.
wiredmikey writes In a move to bolster the security of its massive global server network, Facebook announced on Thursday it was acquiring PrivateCore, a Palo Alto, California-based cybersecurity startup. PrivateCore describes that its vCage software transparently secures data in use with full memory encryption for any application, any data, anywhere on standard x86 servers. "I'm really excited that Facebook has entered into an agreement to acquire PrivateCore," Facebook security chief Joe Sullivan wrote in a post to his own Facebook page. "I believe that PrivateCore's technology and expertise will help support Facebook's mission to help make the world more open and connected, in a secure and trusted way," Sullivan said. "Over time, we plan to deploy PrivateCore's technology directly into the Facebook server stack."
Wireless Networking

The Hidden Cost of Your New Xfinity Router 224

Posted by timothy
from the opt-out-options-obviate-opposition dept.
An anonymous reader writes "The battle over Comcast's public WiFi network that is hosted on your cable modem continues. Comcast responded to Speedify's earlier power measurements by rushing them a new Cisco cable modem. The new modem proved to be more power hungry than the last, and also introduced some tricky IPv6 problems that caused major headaches for the team."
Medicine

Why Bhutan Might Get Drone Delivery Copters Before Seattle Does 102

Posted by timothy
from the go-where-they'll-let-you-in dept.
From Quartz comes the story of a Silicon Valley start-up trying to kickstart a delivery system using package-laden drones to overfly gridlocked traffic — in Bhutan. Bhutanese roads are slow, the weather can be brutal, and there are very few physicians to go around. That’s why, earlier this year, the Bhutanese government and the World Health Organization reached out to Matternet, a Palo Alto company backed by some big name American investors that develops transportation networks using unmanned aerial vehicles to reach hard-to-access places. ... The project in Bhutan, however, is the first big test for the startup. Matternet is aiming to build a network of low-cost quadcopters to connect the country’s main hospitals with rural communities. Matternet uses small quadcopters that can carry loads of about four pounds across 20 km at a time, to and from pre-designated landing stations. The company is able to track these flights in real-time, and aims to eventually deploy fully-automated landing stations that replace drone batteries, giving them extended range and flight time. The drones it uses typically cost between $2,000-5,000.
Networking

Expensive Hotels Really Do Have Faster Wi-Fi 72

Posted by timothy
from the starbucks-is-my-airport-lounge dept.
OpenSignal, by means of mobile apps for iOS and Android, has been amassing data on Wi-Fi and cell-network signal strength. They released yesterday a few of their findings on the speed of Wi-Fi available at U.S. chain hotels (download speeds, specifically). Though it shouldn't be surprising that (as their data shows) more expensive hotels generally have faster speeds, I know it hasn't always matched my own experience. (Hotel chains also vary, even within brands, in whether the in-room Wi-Fi is free, cheap, or exorbitant.) If the in-room connection is flaky or expensive, though, from the same report it seems you'll do better by popping into a Google-networked Starbucks location than one fed by AT&T, and McDonalds beats Panera Bread by quite a bit.
Facebook

Facebook Seeks Devs To Make Linux Network Stack As Good As FreeBSD's 195

Posted by timothy
from the high-praise-all-around dept.
An anonymous reader writes Facebook posted a career application which, in their own words, is 'seeking a Linux Kernel Software Engineer to join our Kernel team, with a primary focus on the networking subsystem. Our goal over the next few years is for the Linux kernel network stack to rival or exceed that of FreeBSD.' Two interesting bullet points listing "responsibilities": Improve IPv6 support in the kernel, and eliminate perf and stability issues. FB is one of the world's largest IPv6 deployments; Investigate and participate in emerging protocols (MPTCP, QUIC, etc) discussions, implementation, experimentation, tooling, etc.
Networking

Verizon Throttles Data To "Provide Incentive To Limit Usage" 316

Posted by timothy
from the tell-me-more-about-the-word-unlimited dept.
An anonymous reader writes About a week ago, the Federal Communications Commission (FCC) asked for Verizon's justification on its policy of throttling users who pay for unlimited data usage. "I know of no past Commission statement that would treat 'as reasonable network management' a decision to slow traffic to a user who has paid, after all, for 'unlimited' service," the FCC wrote. In its response, Verizon has indicated that its throttling policy is meant to provide users with an incentive to limit their data usage. The company explained that "a small percentage of the customers on these [unlimited] plans use disproportionately large amounts of data, and, unlike subscribers on usage-based plans, they have no incentive not to do so during times of unusually high demand....our practice is a measured and fair step to ensure that this small group of customers do not disadvantage all others."
Cellphones

T-Mobile Smartphones Outlast Competitors' Identical Models 127

Posted by timothy
from the power-function dept.
An anonymous reader writes Laptop Mag battery tested the leading phones on all four major U.S. carriers and found that the same models on T-Mobile typically last 1 to 3 hours longer on a charge. This trend is not new, but has continued for over 3 years of testing. The article says: While we don’t know for certain why T-Mobile phones last longer on a charge, there are some strong possibilities. T-Mobile’s network could be more efficient at sending and receiving data because of the bands it uses, or maybe there are far fewer customers on its LTE network, easing the strain. Another possibility is that T-Mobile tends to pre-load less bloatware on its flagship devices relative to the other carriers. AT&T is firmly in second place in the battery life findings presented, with Verizon and Sprint jockeying for last of the four carriers measured. It would be interesting to see a similar test battery for phones in marginal reception areas; searching for service seems to deplete my battery faster than talking does.
