×
Security

Submission + - Analysis of Dexter Malware Uncovers Mystery Man, And Links to Zeus (securityledger.com)

Submitted by
chicksdaddy
chicksdaddy writes: "The newly discovered Dexter malware is one of the few examples of a malicious program that targets point of sale terminals, but also communicates, botnet-like, with a command and control infrastructure. According to an analysis by Seculert, the custom malware has infected “hundreds POS systems” including those operated by “big-name retailers, hotels, restaurants and even private parking providers.”
Now a detailed analysis by Verizon’s RISK team suggests that Dexter may be a creation of a group responsible for the ubiquitous Zeus banking Trojan.
By analyzing early variants of Dexter discovered in the wild, Verizon determined that the IP addresses used for Dexter’s command and control were also used to host Zeus related domains and several domains for Vobfus, also known as “the porn worm,” which has been used to deliver the Zeus malware.
Verizon also produced some tantalizing clues as to the identity of one individual who may be a part of the crew responsible for the malware. The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, “hgfrfv,” that was used to post a number of suggestive help requests (“need help with decrypting a table encrypted with EncryptByKey") in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists “hgfrfv” as an individual residing in the Russian Federation."
The Internet

Submission + - Researchers Develop an Internet Truth Machine

Submitted by
Hugh Pickens writes
Hugh Pickens writes writes: "Will Oremus writes that when something momentous is unfolding—the Arab Spring, Hurricane Sandy, Friday’s horrific elementary school shooting in Connecticut—Twitter is the world's fastest, most comprehensive, and least reliable source of breaking news and in ongoing events like natural disasters, the results of Twitter misinformation can be potentially deadly. During Sandy, for instance, some tweets helped emergency responders figure out where to direct resources. Others provoked needless panic, such as one claiming that the Coney Island hospital was on fire, and a few were downright dangerous, such as the one claiming that people should stop using 911 because the lines were jammed. Now a research team at Yahoo has analyzed tweets from Chile's 2010 earthquake and looked at the potential of machine-learning algorithms to automatically assess the credibility of information tweeted during a disaster. A machine-learning classifier developed by the researchers uses 16 features to assess the credibility of newsworthy tweets and identified the features that make information more credible: credible tweets tend to be longer and include URLs; credible tweeters have higher follower counts; credible tweets are negative rather than positive in tone; and credible tweets do not include question marks, exclamation marks, or first- or third-person pronouns. Researchers at India's Institute of Information Technology also found that credible tweets are less likely to contain swear words (PDF) and significantly more likely to contain frowny emoticons than smiley faces. The bottom line is that an algorithm has the potential to work much faster than a human, and as it improves, it could evolve into an invaluable "first opinion" for flagging news items on Twitter that might not be true writes Oremus. "Even that wouldn't fully prevent Twitter lies from spreading or misleading people. But it might at least make their purveyors a little less comfortable and a little less smug.""

Submission + - Zidisha ("Kickstarter" of the developing world) almost reaches $600K. (zidisha.org)

Submitted by Anonymous Coward
An anonymous reader writes: Per their website, "Zidisha is the first peer-to-peer micro-lending service to offer direct interaction between lenders and borrowers across the international wealth divide. We eliminate the middleman, ensuring that entrepreneurs' profits stay right where they belong – in their communities." Per their statistic page, they claim a 97.71% return rate, their average interest rate is multiples below the global average for micro-financed loans (even after adding their 5% finance fee), and they are just about to surpass $600K loans raised. Apparently they have so many stories to share that the director published a book. For those skeptical about capitalism, perhaps this is an example of how we can hack it into something better.
AI

Submission + - A programmable MMORPG that is built using crowd-sourcing (kickstarter.com)

Submitted by
joshgriffith
joshgriffith writes: "Topia Online is a sandbox MMORPG that is built by the community. Not only is every creature in the game controlled by players, but all aspects of the game can be automated using Javascript. The game engine encourages the use of a built-in IDE to manipulate the game world and it's denizens. Additionally, the core server code will be exposed for the players to review. Game systems are in place to provide rules for script execution based on the player's character and resources.

Players compete for resources and the struggle for power by writing intelligent scripts that allow their agents to survive in the persistent game world. As the characters grow in power, the developer can create new abilities to further their agenda. Additionally, a built-in interface editor allows experienced developers to create UI to improve the user experience of the game. Finally, a script marketplace provides a system for users to share their creations with others. The game has potential to be a Javascript learning tool, as well as a testbed for simulating virtual ecosystems. Although the game is still in the alpha stages, there are playable 'offline' sandboxes for users to experiment in. The game is slated to start beta in January 2013, with an estimated launch date of March 2013."
Communications

Submission + - Cox Comm. injects code into customers' web traffic to announce email outage (twitter.com) 2

Submitted by Anonymous Coward
An anonymous reader writes: Cox Communications appears to be injecting JavaScript and HTML into subscriber's traffic, as part of their effort to announce an email service outage. Pictures showing the popup: http://pics.lockerz.com/s/269216895 https://www.dropbox.com/sh/a160036xd1ww4gs/Nbkd3O9aLj https://twitter.com/anthonykava/status/280004999419944960/photo/1
Japan

Submission + - Identified Fukushima Workers Pelted "With Bottles"

Submitted by
Readycharged
Readycharged writes: "The BBC reports that not only are the "Fukushima 50" considered anti heros in their locale, they also face aggressive hostility when identified.

Dr Jun Shigemura, psychiatrist from Japan's National Defense University, states, "The workers have been through multiple stresses."

"They experienced the plant explosions, the tsunami...(and) radiation exposure. They are also victims of the disaster because they live in the area and have lost homes and family members. And the last thing is the discrimination."

"Yes, discrimination.....the workers (are) not being celebrated....(they) have tried to rent apartments (but) landlords turn them down...some have had plastic bottles thrown at them....some have had papers pinned on their apartment door saying 'Get out, Tepco'."

Reporter Rupert Wingfield-Hayes, corrects the myth that a mere 50 tackled the devastation, stating that there were hundreds working around the clock in shifts.

Whilst the Japanese government seem to want to bury the human drama surrounding the catastrophic event, Nuclear News cites a new book which reports on acts of sacrificial heroism whilst mentioning many of the clear up workers by name."
Privacy

Submission + - Students protest biometric scanner move (thenorthernecho.co.uk)

Submitted by
Presto Vivace
Presto Vivace writes: "Newcastle University students protest biometric scanner move

UNIVERSITY students may have to scan their fingerprints in future — to prove they are not bunking off lectures. ... ... Newcastle Free Education Network has organised protests against the plans, claiming the scanners would "'turn universities into border checkpoints" and "reduce university to the attendance of lectures alone".

"
Piracy

Submission + - Music Industry Threatens to Bankrupt Pirate Party Members (torrentfreak.com)

Submitted by Anonymous Coward
An anonymous reader writes: Music industry group the BPI has threatened legal action against six members of the UK Pirate Party, after the party refused to take its Pirate Bay proxy offline. BPI seems to want to hold the individual members of the party responsible for copyright infringements that may occurs via the proxy, which puts them at risk of personal bankruptcy.

Pirate Party leader Loz Kaye criticized the latest music industry threats and reiterated that blocking The Pirate Bay is a disproportionate measure.
Censorship

Submission + - UK Internet Porn Blocking Rejected (bbc.co.uk)

Submitted by Gordonjcp
Gordonjcp writes: The BBC are reporting that the proposed automatic blocking of porn websites by UK ISPs has been rejected by the government. Only 35% of the parents who responded to a survey on filtering wanted an automatic block. The report, drawn from over 3500 responses, found that 80% of all those who responded were in favour of no filtering of any kind.

Submission + - Guns Don't Kill People SSRIs Do (ssristories.com)

Submitted by blackbeak
blackbeak writes: I'm certainly aware that the recent school shooting is being discussed at length, but the direct correlation of increased prescription of SSRI medication to the increase in horrific incidents is so staggering and so pertinent that this "elephant in the room" deserves it's own discussion. Unlike guns, which can only be held in the hand, SSRIs are held in the mind controlling the hand. You'll see a huge upsurge in news stories again about how guns need to be curtailed, but (again) few stories, if any, about the medications pulling the trigger. Yet SSRIs are obviously behind these killings. SSRIs mess with brain chemistry in ways we cannot fully understand or control, way too often resulting in horrifyingly confused, disordered and psychotic manifestations. How about discussing how these meds are insufficiently tested, driven through the FDA (a "captured" regulatory agency), released into the wild and then prescribed to children on (and off!) label.
United States

Submission + - Marijuana Prosecution Not a High Priority Says Obama

Submitted by
Hugh Pickens writes
Hugh Pickens writes writes: "VOA reports that President Obama says it does not make sense for federal authorities to seek prosecution of recreational marijuana users in states where such use is legal. "As it is, you know, the federal government has a lot to do when it comes to criminal prosecutions," said Obama during a television interview with ABC's Barbara Walters . "It does not make sense from a prioritization point of view for us to focus on recreational drug users in a state that has already said that, under state law, that's legal." When asked if he supported legalizing marijuana, the president said he was not endorsing that. ""I wouldn't go that far, but what I think is that, at this point, Washington and Colorado, you've seen the voters speak on this issue.""
Security

Submission + - South Carolina Security Blunders Show Why States Get Hacked (informationweek.com) 1

Submitted by
CowboyRobot
CowboyRobot writes: "Earlier this year, the state's Department of Revenue was storing 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a state employee clicked on a malicious email link, an attacker was able to obtain copies of those records. It's easy to blame the breach on "Russian hackers" but who is really to blame? "The state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend — and should have already spent — to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services.""
Linux

Submission + - kickstarter and game development highlighting linux support (overclockers.com)

Submitted by Anonymous Coward
An anonymous reader writes: This is part 6 of a 7 part series highlighting some of the game developers supporting linux. Overclockers spoke with photon productions about their upcoming game forsaken fortress a post apocoliptic rpg/rts game
China

Submission + - Chinese Moon Probe Flies by Asteroid Toutatis (shanghaidaily.com)

Submitted by hackingbear
hackingbear writes: Chinese moon probe Chang'e-2 made a flyby of the near-earth asteroid Toutatis on December 13 at 16:30:09 Beijing Time (08:30"09 GMT), the State Administration of Science, Technology and Industry for National Defense (SASTIND) announced today. The flyby was the first time an unmanned spacecraft launched from Earth has taken such a close viewing of the asteroid, named after a Celtic god, making China the fourth country after the US, the EU and Japan to be able to examine an asteroid by spacecraft. Chang'e-2 came as close as 3.2 km from Toutatis, which is about 7 million km away from the Earth, and took pictures of the asteroid at a relative velocity of 10.73 km per second, the SASTIND said in a statement. Chang'e-2, originally designated as the backup of Chang'e-1, left its lunar orbit for an extended mission to the Earth-Sun L2 Lagrangian point on June 9, 2011, after finishing its lunar objectives, and then again began its mission to Toutatis this year. "The success of the extended missions also embodies that China now possesses spacecraft capable of interplanetary flight," said Wu Weiren, chief designer of China's lunar probe program.

Submission + - University of Chicago receives Mystery Indiana Jones package (tumblr.com)

Submitted by VanGarrett
VanGarrett writes: Someone at the University of Chicago went through a lot of trouble to baffle a few people, with an old timey package addressed to Indiana Jones. From the article:

The package contained an incredibly detailed replica of “University of Chicago Professor” Abner Ravenwood’s journal from Indiana Jones and the Raiders of the Lost Ark. It looks only sort of like this one, but almost exactly like this one, so much so that we thought it might have been the one that was for sale on Ebay had we not seen some telling inconsistencies in cover color and “Ex Libris” page (and distinct lack of sword). The book itself is a bit dusty, and the cover is teal fabric with a red velvet spine, with weathered inserts and many postcards/pictures of Marion Ravenwood (and some cool old replica money) included. It’s clear that it is mostly, but not completely handmade, as although the included paper is weathered all of the “handwriting” and calligraphy lacks the telltale pressure marks of actual handwriting.
Google

Submission + - Google To Shut Down Calendar Features, Google Sync, Google Calendar Sync, Punchd 1

Submitted by Anonymous Coward
An anonymous reader writes: Google on Friday announced it is shutting down a slew of features and services as part of its winter cleaning. Google Calendar will be losing a few features, Google Sync will be axed (on the consumer side), as will Google Calendar Sync, SyncML, the Issue Tracker Data API, and the Punchd app.
Cloud

Submission + - Official Doc. Reveals Oracle's Cloud Rules (itworld.com)

Submitted by
itwbennett
itwbennett writes: "In an official document that is both 'confidential' and publicly available on Oracle's website, the company lays out its cloud policies. Most of the policies follow industry standards, but then there are a few that should give customers pause. Like the one that allows Oracle to turn off access to accounts in the event of a dispute or account violation."
Linux

Submission + - Denial-of-Service Attack Found In Btrfs File-System (phoronix.com)

Submitted by Anonymous Coward
An anonymous reader writes: It's been found that the Btrfs file-system is vulnerable to a Hash-DOS attack, a denial-of-service attack caused by hash collisions within the file-system. Two DOS attack vectors were uncovered by Pascal Junod that he described as causing astonishing and unexpected success. It's hoped that the security vulnerability will be fixed for the next Linux kernel release.

Slashdot Top Deals