Security

Building a Honeypot To Observe Shellshock Attacks In the Real World 15

Posted by timothy
from the distract-them-with-fresh-targets dept.
Nerval's Lobster writes A look at some of the Shellshock-related reports from the past week makes it seem as if attackers are flooding networks with cyberattacks targeting the vulnerability in Bash that was disclosed last week. While the attackers haven't wholesale adopted the flaw, there have been quite a few attacks—but the reality is that attackers are treating the flaw as just one of many methods available in their tool kits. One way to get a front-row seat of what the attacks look like is to set up a honeypot. Luckily, threat intelligence firm ThreatStream released ShockPot, a version of its honeypot software with a specific flag, "is_shellshock," that captures attempts to trigger the Bash vulnerability. Setting up ShockPot on a Linux server from cloud host Linode.com is a snap. Since attackers are systematically scanning all available addresses in the IPv4 space, it's just a matter of time before someone finds a particular ShockPot machine. And that was definitely the case, as a honeypot set up by a Dice (yes, yes, we know) tech writer captured a total of seven Shellshock attack attempts out of 123 total attacks. On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug. PHP was the most common attack method observed on this honeypot, with various attempts to trigger vulnerabilities in popular PHP applications and to execute malicious PHP scripts.
Security

Obama Administration Argues For Backdoors In Personal Electronics 517

Posted by samzenpus
from the let-us-in dept.
mi writes Attorney General Eric Holder called it "worrisome" that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”
The Military

Four Charged With Stealing Army Helicopter Training Software 44

Posted by Soulskill
from the because-what-hacker-doesn't-have-a-helicopter-laying-around dept.
itwbennett writes: Four alleged members of an international computer hacking ring face charges in the U.S. of breaking into the computer networks of the U.S. Army and several tech companies and stealing several software packages, including programs used to train Army helicopter pilots, as well as software and data related to the Xbox One gaming console, the Xbox Live online gaming service and popular games such as Call of Duty: Modern Warfare 3 and Gears of War 3.
Music

Grooveshark Found Guilty of Massive Copyright Infringement 165

Posted by Soulskill
from the surprising-nobody dept.
An anonymous reader writes: If you're a Grooveshark user, you should probably start backing up your collection. In a decision (PDF) released Monday, the United States District Court in Manhattan has found Grooveshark guilty of massive copyright infringement based on a preponderance of internal emails, statements from former top executives, direct evidence from internal logs, and willfully deleted files and source code. An email from Grooveshark's CTO in 2007 read, "Please share as much music as possible from outside the office, and leave your computers on whenever you can. This initial content is what will help to get our network started—it’s very important that we all help out! ... Download as many MP3’s as possible, and add them to the folders you’re sharing on Grooveshark. Some of us are setting up special 'seed points' to house tens or even hundreds of thousands of files, but we can’t do this alone." He also threatened employees who didn't contribute.
Facebook

Interview With Facebook's Head of Open Source 29

Posted by timothy
from the complete-transparency dept.
Czech37 writes Facebook may be among the world's most well-known tech companies, but it's not renowned for being at the forefront of open source. In reality, they have over 200 open source projects on GitHub and they've recently partnered with Google, Dropbox, and Twitter (among others) to create the TODO group, an organization committed to furthering the open source cause. In an interview with Opensource.com, Facebook's James Pearce talks about the progress the company has made in rebooting their open source approach and what's on the horizon for the social media network.
Government

California Governor Vetoes Bill Requiring Warrants For Drone Surveillance 111

Posted by Soulskill
from the quis-custodiet-ipsos-drones? dept.
schwit1 sends word that California governor Jerry Brown has vetoed legislation that would have required warrants for surveillance using unmanned drones. In his veto message (PDF), Brown said, "This bill prohibits law enforcement from using a drone without obtaining a search warrant, except in limited circumstances. There are undoubtedly circumstances where a warrant is appropriate. The bill's exceptions, however, appear to be too narrow and could impose requirements beyond what is required by either the 4th Amendment or the privacy provisions in the California Constitution."

The article notes that 10 other states already require a warrant for routine surveillance with a drone (Florida, Idaho, Illinois, Indiana, Iowa, Montana, Oregon, Tennessee, Utah, and Wisconsin). Further, Brown's claims about the bill's exceptions are overstated — according to Slate, "California's drone bill is not draconian. It includes exceptions for emergency situations, search-and-rescue efforts, traffic first responders, and inspection of wildfires. It allows other public agencies to use drones for other purposes — just not law enforcement."
Education

How Tech Is Transforming Teaching In a South African Township 26

Posted by Soulskill
from the please-say-cyborgs-please-say-cyborgs dept.
An anonymous reader writes: The founders of the African School for Excellence have an ambitious goal — nothing less than redefining low cost, scalable teaching that brings international standards to the poorest schools in Africa. Their first model school is off to a good start: in just 18 months, all grade 9 students are achieving scores higher than 50% on Cambridge Curriculum Checkpoint tests, and only one student scored less than 50% in math. The national average score in math is 13%. The school relies on a locally designed piece of marking software to function. Their teacher-to-pupil ratios are not great, but the teachers are committed to using technology to stretch themselves as far as they can. What's most remarkable is that the school's running costs are already half the cost of a traditional government school, and the quality of education is much, much better. All this, and they're only a year and a half into the program.
Encryption

Tor Executive Director Hints At Firefox Integration 117

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
Crime

CEO of Spyware Maker Arrested For Enabling Stalkers 194

Posted by Soulskill
from the reaping-what-you-sow dept.
An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."
Microsoft

Microsoft Revives Its Hardware Conference 47

Posted by samzenpus
from the back-by-popular-demand dept.
jfruh writes Microsoft's Windows Hardware Engineering Conference, or WinHEC, was an annual staple of the '90s and '00s: every year, execs from Redmond would tell OEMs what to expect when it came to Windows servers and PCs. The conference was wrapped with software into Build in 2009, but now it's being revived to deal with not just computers but also the tablets and cell phones Microsoft has found itself in the business of selling and even making. It's also being moved from the U.S. to China, as an acknowledgment of where the heart of the tech hardware business is now.
Cellphones

When Everything Works Like Your Cell Phone 173

Posted by Soulskill
from the looking-forward-to-jailbreaking-my-breadmaker dept.
The Atlantic is running an article about how "smart" devices are starting to see everyday use in many people's homes. The authors say this will fundamentally change the concept of what it means to own and control your possessions. Using smartphones as an example, they extrapolate this out to a future where many household items are dependent on software. Quoting: These phones come with all kinds of restrictions on their possible physical capabilities. You may not take them apart. Depending on the plan, not all software can be downloaded onto them, not every device can be tethered to them, and not every cell phone network can be tapped. "Owning" a phone is much more complex than owning a plunger. And if the big tech players building the wearable future, the Internet of things, self-driving cars, and anything else that links physical stuff to the network get their way, our relationship to ownership is about to undergo a wild transformation. They also suggest that planned obsolescence will become much more common. For example, take watches: a quality dumbwatch can last decades, but a smartwatch will be obsolete in a few years.
Technology

Marc Merlin's 2014 Burning Man Report For Tech Geeks 56

Posted by timothy
from the what-he-did-on-his-summer-vacation dept.
marcmerlin writes Haven't been to Burning Man, or missed this year's and would like a summary? Marc Merlin has posted a summary of this year with full GPS map, pictures from the air, and everything neatly categorized, with a track of his 127 miles of biking to visit as many camps as possible. Also, if you plan on going, check out the tips at the bottom of the page.
Displays

Acer Launches First 4K Panel With NVIDIA G-Sync Technology On Board 64

Posted by Soulskill
from the all-the-pixels dept.
MojoKid writes: Save for a smattering of relatively small 3K and 4K laptop displays, we haven't quite gotten to the same type of pixel density on the PC platform that is available on today's high-end ultra-mobile devices. That said, the desktop display space has really heated up as of late and 4K panels have generated a large part of the buzz. Acer just launched the first 4K display with NVIDIA G-Sync technology on board. To put it simply, G-SYNC keeps a display and the output from an NVIDIA GPU in sync, regardless of frame rates or whether or not V-Sync is enabled. Instead of the monitor controlling the timing and refreshing at say 60Hz, the timing control is transferred to the GPU. The GPU scans a frame out to the monitor and the monitor doesn't update until a frame is done drawing, in lock-step with the GPU. This method completely eliminates tearing or frame stuttering associated with synchronization anomalies of standard panels. There are still some quirks with Windows and many applications that don't always scale properly on high-DPI displays, but the situation is getting better every day. If you're a gamer in the market for a 4K display that's primed for gaming, the Acer XB280HK is a decent new option with this technology on board, though it does come at a bit of a premium at $799 versus standard 28-inch panels.
Security

Security Collapse In the HTTPS Market 185

Posted by Soulskill
from the many-points-of-failure dept.
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.
Transportation

DHL Goes Live With 'Parcelcopter' Drone Delivery Service 92

Posted by Soulskill
from the what-can-yellow-do-for-you dept.
jones_supa writes: In December, Amazon announced it intends to deliver packages to customers using drones. But its initiative was widely ridiculed for being an over-hyped announcement with little to show for it. This summer, Google demonstrated its own drone-based delivery service, using a fixed-wing aircraft to deliver little packages to farmers in the Australian outback. But now, German delivery firm DHL has beaten the tech firms to the punch, announcing a regular drone delivery service for the first time, nine months after it launched its "parcelcopter" research project in December 2013. The service will use a quadcopter to deliver small parcels to the German island of Juist, a sandbar island 12km into the North Sea from the German coast, inhabited by 2,000 people. Deliveries will include medication and other urgently needed goods. Flying below 50 meters to avoid entering regulated air traffic corridors, the drone takes a fully automated route, carrying a special air-transport container that is extremely lightweight as well as weatherproof.
