China

US Seeks China's Help Against North Korean Cyberattacks 89

Posted by samzenpus
from the thanks-but-no-thanks dept.
An anonymous reader writes The United States has declined an offer by North Korea for a joint investigation into the hacking of Sony Pictures and asked China to help block cyber attacks. "We have discussed this issue with the Chinese to share information, express our concerns about this attack, and to ask for their cooperation," a senior administration official said. "In our cybersecurity discussions, both China and the United States have expressed the view that conducting destructive attacks in cyberspace is outside the norms of appropriate cyber behavior." China has so far seemed less than sympathetic: "Any civilized world will oppose hacker attacks or terror threats. But a movie like The Interview, which makes fun of the leader of an enemy of the U.S., is nothing to be proud of for Hollywood and U.S. society," said an editorial in The Global Times, a tabloid sister paper to China's official The People's Daily. "No matter how the U.S. society looks at North Korea and Kim Jong Un, Kim is still the leader of the country. The vicious mocking of Kim is only a result of senseless cultural arrogance."
Security

Cyberattack On German Steel Factory Causes 'Massive Damage' 167

Posted by Soulskill
from the social-engineering-is-the-bug-you-can't-fix dept.
An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.
Sony

North Korea Denies Responsibility for Sony Attack, Warns Against Retaliation 224

Posted by Soulskill
from the it-was-the-one-armed-nation-state dept.
jones_supa writes: A North Korean official said that the secretive regime wants to mount a joint investigation with the United States to identify who was behind the cyber attack against Sony Pictures. An unnamed spokesman of the North Korean foreign ministry was quoted by the country's state news agency, KCNA, describing U.S. claims they were behind the hack as "slander." "As the United States is spreading groundless allegations and slandering us, we propose a joint investigation with it into this incident," the official said, according to Agence France-Presse. Both the FBI and President Barack Obama have said evidence was uncovered linking the hack to North Korea, but some experts have questioned the evidence tying the attack to Pyongyang. Meanwhile, reader hessian notes that 2600: The Hacker Quarterly has offered to let the hacker community distribute The Interview for Sony. It's an offer Sony may actually find useful, since the company is now considering releasing the movie on a "different platform." Reader Nicola Hahn warns that we shouldn't be too quick to accept North Korea as the bad guy in this situation: Most of the media has accepted North Korea's culpability with little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what's happening reveals tools of modern social control (PDF). Whether or not they're responsible for the attack, North Korea has now warned of "serious consequences" if the U.S. takes action against them for it.
Robotics

What Happens To Society When Robots Replace Workers? 538

Posted by Soulskill
from the fewer-wrong-orders-at-the-drivethru dept.
Paul Fernhout writes: An article in the Harvard Business Review by William H. Davidow and Michael S. Malone suggests: "The "Second Economy" (the term used by economist Brian Arthur to describe the portion of the economy where computers transact business only with other computers) is upon us. It is, quite simply, the virtual economy, and one of its main byproducts is the replacement of workers with intelligent machines powered by sophisticated code. ... This is why we will soon be looking at hordes of citizens of zero economic value. Figuring out how to deal with the impacts of this development will be the greatest challenge facing free market economies in this century. ... Ultimately, we need a new, individualized, cultural, approach to the meaning of work and the purpose of life. Otherwise, people will find a solution — human beings always do — but it may not be the one for which we began this technological revolution."

This follows the recent Slashdot discussion of "Economists Say Newest AI Technology Destroys More Jobs Than It Creates" citing a NY Times article and other previous discussions like Humans Need Not Apply. What is most interesting to me about this HBR article is not the article itself so much as the fact that concerns about the economic implications of robotics, AI, and automation are now making it into the Harvard Business Review. These issues have been otherwise discussed by alternative economists for decades, such as in the Triple Revolution Memorandum from 1964 — even as those projections have been slow to play out, with automation's initial effect being more to hold down wages and concentrate wealth rather than to displace most workers. However, they may be reaching the point where these effects have become hard to deny despite going against mainstream theory which assumes infinite demand and broad distribution of purchasing power via wages.

As to possible solutions, there is a mention in the HBR article of using government planning by creating public works like infrastructure investments to help address the issue. There is no mention in the article of expanding the "basic income" of Social Security currently only received by older people in the U.S., expanding the gift economy as represented by GNU/Linux, or improving local subsistence production using, say, 3D printing and gardening robots like Dewey of "Silent Running." So, it seems like the mainstream economics profession is starting to accept the emerging reality of this increasingly urgent issue, but is still struggling to think outside an exchange-oriented box for socioeconomic solutions. A few years ago, I collected dozens of possible good and bad solutions related to this issue. Like Davidow and Malone, I'd agree that the particular mix we end up will be a reflection of our culture. Personally, I feel that if we are heading for a technological "singularity" of some sort, we would be better off improving various aspects of our society first, since our trajectory going out of any singularity may have a lot to do with our trajectory going into it.
Blackberry

Boeing and BlackBerry Making a Self-Destructing Phone 68

Posted by Soulskill
from the can't-wait-for-that-protocol-to-be-hacked dept.
Rambo Tribble writes: It sounds like a Mission: Impossible scenario, but aerospace company Boeing is teaming with Canadian phone maker BlackBerry to produce an ultra-secure mobile phone that "self-destructs." The phone uses encryption on calls and is intended to serve the high-security needs of government and industry. As Blackberry CEO John Chen said, "We're pleased to announce that Boeing is collaborating with BlackBerry to provide a secure mobile solution for Android devices utilizing our BES 12 platform. That, by the way, is all they allow me to say."

No word yet if you'll need the services of the bomb squad when you go over your minutes.
Security

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 166

Posted by timothy
from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.
Businesses

Staples: Breach May Have Affected 1.16 Million Customers' Cards 96

Posted by timothy
from the your-name-here dept.
mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.
Sony

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't) 325

Posted by Soulskill
from the just-look-less-hackable-than-the-schmuck-next-to-you dept.
phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.
Programming

Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower 220

Posted by Soulskill
from the better-figure-out-an-alter-ego-quick dept.
theodp writes: The idea of programming as a superpower was touched upon by CS teacher Alfred Thompson back in 2010, but it became a rallying call of sorts for the Hour of Code after Dropbox CEO Drew Houston described coding as "the closest thing we have to a superpower" in a Code.org video that went viral. And if the kids who learned to code with the President last week were dubious about the power of coding, this week's decision by Sony to scrap the release of the satirical film The Interview after a massive hack attack should put aside any doubts, especially after new revelations that Sony had reached out to the White House for help and screened the film for administration officials back in June. White House press secretary Josh Earnest said Thursday that the Obama Administration is viewing the Sony attack as a "serious national security matter" and is considering a range of possible options as a response, which could turn things into a contest of U.S. Superpower vs. Coding Superpower. In case it wasn't mentioned last week, remember to always use your coding superpower for good, kids!
Security

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere 88

Posted by Soulskill
from the just-in-case-you-were-feeling-safe-and-secure-today dept.
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
Security

Critical Git Security Vulnerability Announced 145

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem. ... Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."
Security

Grinch Vulnerability Could Put a Hole In Your Linux Stocking 116

Posted by timothy
from the pretty-generic-description-there dept.
itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.
Australia

Australia Moves Toward New Restrictions On Technology Export and Publication 90

Posted by timothy
from the locked-file-cabinet-in-the-basement dept.
An anonymous reader writes Australia is starting a public consultation process for new legislation that further restricts the publication and export of technology on national security grounds. The public consultation starts now (a few days before Christmas) and it is due by Jan 30th while a lot of Australians are on holidays. I don't have the legal expertise to dissect the proposed legislation, but I'd like some more public scrutiny on it. I find particularly disturbing the phrase "The Bill includes defences that reverse the onus of proof which limit the right to be presumed innocent until proven guilty" contained in this document, also available on the consultation web site.
Security

Hackers Compromise ICANN, Access Zone File Data System 110

Posted by timothy
from the that-should-be-a-boss-level dept.
Trailrunner7 writes with this news from ThreatPost: "Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite a bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised." (Here's ICANN's public note on the compromise.)
Sony

US Links North Korea To Sony Hacking 182

Posted by samzenpus
from the who's-to-blame dept.
schwit1 writes Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was "centrally involved" in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems. Previous analysis of the malware that brought down Sony Pictures' network showed that there were marked similarities to the tools used in last year's cyber-attack on South Korean media companies and the 2012 "Shamoon" attack on Saudi Aramco. While there was speculation that the "DarkSeoul" attack in South Korea was somehow connected to the North Korean regime, a firm link was never published.
Google

Google Proposes To Warn People About Non-SSL Web Sites 391

Posted by samzenpus
from the protect-ya-neck dept.
mrspoonsi writes The proposal was made by the Google developers working on the search firm's Chrome browser. The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser. If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security". Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.
Movies

Top Five Theaters Won't Show "The Interview"; Sony Cancels Release 580

Posted by samzenpus
from the nothing-to-see-here dept.
tobiasly writes The country's top five theater chains — Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment — have decided not to play Sony's The Interview. This comes after the group which carried off a massive breach of its networks threatened to carry out "9/11-style attacks" on theaters that showed the film. Update: Sony has announced that it has cancelled the planned December 25 theatrical release.
Android

Manufacturer's Backdoor Found On Popular Chinese Android Smartphone 82

Posted by samzenpus
from the sneaking-in dept.
Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users' consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor's control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user's permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad."
Cloud

The Joys and Hype of Hadoop 55

Posted by samzenpus
from the ups-and-downs dept.
theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."
The Courts

Apple Wins iTunes DRM Case 191

Posted by Soulskill
from the drm-protected-history-is-written-by-the-victors dept.
An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws. Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, the evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.