The Internet

Ask Slashdot: What Is the Best Way To Hold Onto Your Domain? 24

An anonymous reader writes: There have been quite a few stories recently about corporations, or other people, wanting to take over a domain. This has me wondering what steps can I take to ensure that outsiders know that my domain is in use, and not up for sale. In my case, I registered a really short domain name (only 5 characters) for a word that I made up. The domain has been mine for a while, and Archive.org has snapshots going back to 2001 of my placeholder page. It could be close to other domain names by adding one more letter, so there is potential for accusations of typosquatting (none yet). I have no trademark on the word, because I saw no reason to get one. The domain is used mostly for personal email, with some old web content left out there for search engines to find. The hosting I pay for is a very basic plan, and I can't really afford to pay for a ton of new traffic. There is the option to set up a blog, but then it has to be maintained for security. What would other readers suggest to establish the domain as mine, without ramping up the amount of traffic on it?
Communications

UK Government Illegally Spied On Amnesty International 87

Mark Wilson writes with this excerpt from a story at Beta News: A court has revealed that the UK intelligence agency, GCHQ, illegally spied on human rights organization Amnesty International. It is an allegation that the agency had previously denied, but an email from the Investigatory Powers Tribunal backtracked on a judgement made in June which said no such spying had taken place.

The email was sent to Amnesty International yesterday, and while it conceded that the organization was indeed the subject of surveillance, no explanation has been offered. It is now clear that, for some reason, communications by Amnesty International were illegally intercepted, stored, and examined. What is not clear is when the spying happened, what data was collected and, more importantly, why it happened.
Crime

San Francisco Fiber Optic Cable Cutter Strikes Again 178

HughPickens.com writes: USA Today reports that the FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California's San Francisco Bay Area dating back to at least July 6, 2014, including one early this week. "When it affects multiple companies and cities, it does become disturbing," says Special Agent Greg Wuthrich. "We definitely need the public's assistance." The pattern of attacks raises serious questions about the glaring vulnerability of critical Internet infrastructure, says JJ Thompson. "When it's situations that are scattered all in one geography, that raises the possibility that they are testing out capabilities, response times and impact," says Thompson. "That is a security person's nightmare."

Mark Peterson, a spokesman for Internet provider Wave Broadband, says an unspecified number of Sacramento-area customers were knocked offline by the latest attack. Peterson characterized the Tuesday attack as "coordinated" and said the company was working with Level 3 and Zayo to restore service. It's possible the vandals were dressed as telecommunications workers to avoid arousing suspicion, say FBI officials. Backup systems help cushion consumers from the worst of the attacks, meaning people may notice slower email or videos not playing, but may not have service completely disrupted. But repairs are costly and penalties are not stiff enough to deter would-be vandals. "There are flags and signs indicating to somebody who wants to do damage: This is where it is folks," says Richard Doherty. "It's a terrible social crime that affects thousands and millions of people."
Hardware Hacking

Celebrating Workarounds, Kludges, and Hacks 137

itwbennett writes: We all have some favorite workarounds that right a perceived wrong (like getting around the Wall Street Journal paywall) or make something work the way we think it ought to. From turning off annoying features in your Prius to getting around sanctions in Crimea and convincing your Android phone you're somewhere you're not, workarounds are a point of pride, showing off our ingenuity and resourcefulness. And sometimes artful workarounds can even keep businesses operating in times of crisis. Take, for example, the Sony employees, who, in the wake of the Great Hack of 2014 when the company's servers went down, dug out old company BlackBerrys that, while they had been abandoned, had never had their plans deactivated. Because BlackBerrys used RIM's email servers instead of Sony's, they could still communicate with one another, and employees with BlackBerrys became the company's lifeline as it slowly put itself back together. What hacks and workarounds keep your life sane?
Encryption

Cisco Security Appliances Found To Have Default SSH Keys 112

Trailrunner7 writes: Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free rein on vulnerable boxes, which, given Cisco's market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.

"The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco said.
Security

My United Airlines Website Hack Gets Snubbed 187

Bennett Haselton writes: United Airlines announced that they will offer up to 1 million air miles to users who can find security holes in their website. I demonstrated a way to brute-force a user's 4-digit PIN number and submitted it to them for review, emailing their Bugs Bounty contact address on three occasions, but I never heard back from them. Read on for the rest. If you've had a different experience with the program, please chime in below.
Communications

After 6-Year Beta Test, All Gmail Users Get 'Undo Send' 95

jones_supa writes: Since 2009, Google has been beta testing a feature in Gmail called "Undo Send." It allows you to delay emails up to 30 seconds from when you press the "Send" button so you can take them back if you immediately decide it was a bad idea to press the send button. Google announced in a blog post that Undo Send is becoming an official feature. For users who already had the Undo Send beta enabled, the feature will remain on, and those who didn't can turn it on via the General tab under Settings. Users can choose if they want to hold their mail for 5, 10, 20 or 30 seconds.
Security

New Snowden Leaks Show NSA Attacked Anti-Virus Software 98

New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.
Google

DOJ Vs. Google: How Google Fights On Behalf of Its Users 78

Lauren Weinstein writes: While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes through multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate. Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data. One case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to log in to his Gmail account. Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense.
Government

Mayday PAC's Benjamin Singer Explains How You Can Help Reform American Politics (Video) 233

Larry Lessig's Mayday PAC is a SuperPAC that is working to eliminate the inherent corruption of having a government run almost entirely by people who manage to raise -- or have their "non-connected" SuperPACs raise -- most of the money they need to run their campaigns. The Mayday PAC isn't about right or left wing or partisan politics at all. It's about finding and supporting candidates who are in favor of something like last year's Government by the People Act. As we noted in our Mayday PAC interview with Larry Lessig last June, a whole panoply of tech luminaries, up to and including Steve Wozniak, are in favor of Mayday PAC.

This interview is being posted, appropriately, just before the 4th of July, but it's also just one day before the Mayday PAC Day of Action to Reform Congress. They're big on calling members of Congress rather than emailing, because our representatives get email by the (digital) bushel, while they get comparatively few issue-oriented phone calls from citizens. So Mayday PAC makes it easy for you to call your Congressional representatives and even, if you're too shy to talk to a legislative aide in person, to record a message Mayday PAC will leave for them after hours.

The five specific pieces of legislation Mayday PAC currently supports are listed at the RepsWith.US/reforms page. Two are sponsored by Republicans, two by Democrats, and one by an Independent. That's about as non-partisan as you can get, so no matter what kind of political beliefs you hold, you can support Mayday PAC with a clear conscience. (Note: the transcript has more information than the video, which is less than six minutes long.)
Spam

Ask Slashdot: How Effective Is Your ISP's Spam Filter? 265

An anonymous reader writes with the question in the title: does your ISP do a decent job culling spam? The reason I'm asking is that my ISP is Verizon and the Verizon spam filter is next to useless. It only blocks 15% of spam while also blocking 5% of legitimate emails. I've tried calling Verizon support a couple of times and the experience is about as pleasant and productive as banging my head on a wall. At this point I think my best move is to change ISP, but before I go around changing my email address at probably dozens of web sites I'd like to be sure that a new ISP would actually be better.
Sony

WikiLeaks' Latest: An Even More Massive Trove of Sony Documents 100

Newsweek is one of many outlets to report that WikiLeaks' latest dump is a trove of Sony's company emails and other documents that consists of even more individual pieces than the 200,000-plus leaked in April. Included, says the Newsweek story, are "276,394 Sony Corp. communications, including email, travel calendars, contact lists, expense reports and private files." One interesting tidbit revealed by the documents, spotted by Apple Insider, is that "Apple requested [from Sony] 4K content for potential digital distribution and on-demand services testing nearly two years ago, suggesting the company has been exploring ultra high-definition streaming for some time."
United Kingdom

British Government Instituted 3-Month Deletion Policy, Apparently To Evade FOIA 86

An anonymous reader writes: In late 2004, weeks before Tony Blair's Freedom of Information (FOI) act first came into force, Downing Street adopted a policy of automatically deleting emails more than three months old (paywalled). The IT decision has resulted in a "dysfunctional" system according to former cabinet officials, with Downing Street workers struggling to agree on the details of meetings in the absence of a correspondence chain. It is still possible to preserve an email by dragging it to local storage, but the relevance of mails may not be apparent at the time that the worker must make the decision to do so. Former special adviser to Nick Clegg Sean Kemp said: "Some people delete their emails on an almost daily basis, others just try to avoid putting anything potentially interesting in an email in the first place."
Security

Researchers Find Major Keychain Vulnerability in iOS and OS X 78

An anonymous reader notes a report from El Reg on a major cross-app resource vulnerability in iOS and Mac OS X. Researchers say it's possible to break app sandboxes, bypass App Store security checks, and crack the Apple keychain. The researchers wrote, "specifically, we found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [malware] to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications." Their full academic paper (PDF) is available online, as are a series of video demos. They withheld publication for six months at Apple's request, but haven't heard anything further about a fix.
Security

LastPass Reporting a Security Breach, Including Authentication Hashes and Salts 206

hawkeyeMI writes: LastPass, the popular password manager, has been hacked. The company says that the “vast majority” of users are safe, and has posted a notice which begins: "We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."
Security

Samsung, LG Smartwatches Give Up Personal Data To Researchers 46

An anonymous reader sends word that security researchers have been able to extract personal information from a pair of smartwatches: the LG G Watch and the Samsung Gear 2 Neo. The G Watch gave up calendar information, pedometer data, and the user's email address, while the Gear 2 Neo gave up health data, emails, messages, and contact information. The researchers said it wasn't very difficult to get the data, in part because it wasn't encrypted. "The Gear 2 Neo uses Samsung's Tizen operating system, while the LG G Watch is one of several models that uses Google's Android Wear operating system. The researchers obtained the data both by poking through the watches' files and finding traces of watch activity on the Samsung Android smartphone to which they were linked. The researchers also have begun testing the Apple Watch."
Blackberry

Is BlackBerry Launching an Android Phone? 113

An anonymous reader writes: According to a Reuters report BlackBerry may launch an Android phone with a hardware keyboard. If true, it's a definite shift in their business model. "We don't comment on rumors and speculation, but we remain committed to the BlackBerry 10 operating system, which provides security and productivity benefits that are unmatched," said the company in an email. Google declined to comment.
IT

Ask Slashdot: How To Turn an Email Stash Into Knowledge For My Successor? 203

VoiceOfDoom writes: I'm leaving my current position in a few weeks and it looks unlikely that a replacement will be found in time. My job is very specialized and I'm the only person in the organization who is qualified or experienced in how to do it. I'd like to share as much of my accumulated knowledge with my successor as possible but at the moment, it mostly exists in my email archive which will be deleted after I've been gone for 90 days.

The organization doesn't have any knowledge management systems so the only way it seems I can pass on this information is by copying all the info into a series of documents, which isn't much fun to do in Outlook. Can my fellow Slashdotters suggest a better approach? By the way, there's quite a lot of confidential stuff in there that my successor needs to know but which cannot leave the organization's existing systems.
Government

Emails Show How Industry Lobbyists Basically Wrote The Trans-Pacific Partnership 226

An anonymous reader writes: This Techdirt story shows how industry lobbyists influenced the Trans-Pacific Partnership (TPP) agreement, to the point that one even openly celebrates that the Office of the United States Trade Representative (USTR) version copied his own text word for word. The email exchange between Jim DeLisi, from Fanwood Chemical, and Barbara Weisel, a USTR official, reads: "Hi Barbara – John sent through a link to the P4 agreement. I have taken a quick look at the rules of origin. Someone owes USTR a royalty payment – these are our rules. They will need some tweaking but will likely not need major surgery. This is a very pleasant surprise. I will study more closely over the weekend."
IOS

WWDC 2015 Roundup 415

Here's an overview of the main announcements and new products unveiled at WWDC today.
  • The latest OS X will be named OS X El Capitan. Features include: Natural language searches and auto-arrange windows. You can make the cursor bigger by shaking the mouse and pin sites in Safari now. 1.4x faster than Yosemite. Available to developers today, public beta in July, out for free in the fall.
  • Metal, the graphics API is coming to Mac. "Metal combines the compute power of OpenCL and the graphics power of OpenGL in a high-performance API that does both." Up to 40% greater rendering efficiency.
  • iOS 9: New Siri UI. There’s an API for search. Siri and Spotlight are getting more integrated. Siri getting better at prediction with a far lower word error rate. You can make checklists, draw and sketch inside of Notes. Maps gets some love. New app called News "We think this offers the best mobile reading experience ever." Like Flipboard it pulls in news articles from your favorite sites. HomeKit now supports window shades, motion sensors, security systems, and remote access via iCloud. Public Beta for iOS 9.
  • Apple Pay: All four major credit card companies and over 1 million locations supporting Apple Pay as of next month. Apple Pay reader developed by Square, for peer-to-peer transactions. Apple Pay coming to the UK next month, with support in 250,000 locations including the London transportation system. Passbook is being renamed "Wallet."
  • iPad: Shortcuts for app-switching, split-screen multitasking and QuickType. Put two fingers down on the keyboard and it becomes a trackpad. Side by side apps. Picture in picture available on iPad Air and up, Mini 2 and up.
  • CarPlay: Now works wirelessly and supports apps by the automaker.
  • Swift 2, the latest version of Apple’s programming language. Swift will be open source.
  • The App Store: Over 100 billion app downloads, and $30 billion paid to developers.
  • Apple Watch: watchOS 2 with new watch faces. Developers can build their own "complications" (widgets with a terrible name that show updates and gauges on the watch face). A new feature called Time Travel lets you rotate the digital crown to zoom into the future and see what’s coming up. More new features: reply to email, bedside alarm clock, send scribbled messages in multiple colors. You can now play video on the watch. Developer beta of watchOS 2 available today, wide release in the fall for free.
  • Apple Music: “The next chapter in music. It will change the way you experience music forever,” says Cook. Live DJs broadcasting and hosting live radio streams you can listen to in 150 countries. Handpicked suggestions. 24/7 live global radio. Beats Connect lets unsigned artists connect with fans. Beats Music has all of iTunes’ music, to buy or stream. With curated recommendations. Launching June 30th in 100 countries with Android this fall, with Windows and Android versions. First three months free, $9.99 a month or $14.99 a month for family plan for up to six.