Security

Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs 172

Posted by Soulskill
from the another-day,-another-breach dept.
An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.
Security

Stanford Researcher Finds Little To Love In Would-Be Hacker Marketplace 71

Posted by timothy
from the it-is-what-it-is dept.
An anonymous reader writes: What if there were an Uber for hackers? Well, there is. It's called Hacker's List, and it made the front page of the New York Times this year. Anyone can post or bid on an 'ethical' hacking project. According to new Stanford research, however, the site is a wreck. 'Most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal.' And it gets worse. 'Many users on Hacker's List are trivially identifiable,' with an email address or Facebook account. The research dataset includes thousands of individuals soliciting federal crimes.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach 82

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
America Online

Does Using an AOL Email Address Suggest You're a Tech Dinosaur? 461

Posted by samzenpus
from the back-in-the-day dept.
Nerval's Lobster writes: Despite years of layoffs and tumbling net worth, AOL seemed to get a new lease on life this week when Verizon bought it for $4.4 billion. But even if AOL's still alive, using an AOL email address has long been seen as a way of signaling that you're stuck in the 1990s. A recent analysis of Dice data found that a mere 1.8 percent of those registering for the site used an AOL address, versus 55 percent for Gmail. For the past several years, Websites from Gizmodo to Lifehacker have all declared that still using an AOL email address is counterproductive, to put it mildly. But is that actually true? Do the people in your life and work actually care whether you use AOL, Hotmail, Gmail, or a custom address, or is the idea of 'email bias' an overblown myth?
Classic Games (Games)

(Hack) and Slash: Doing the LORD's Work 63

Posted by timothy
from the working-in-mysterious-ways dept.
Emmett Plant (former Slashdot editor as well as video interviewee) writes: Legend of the Red Dragon was written by Seth Robinson in 1989, and it remains one of the most popular games of the DOS BBS era. Chris England has been doing his part to keep the game alive for the past twelve years, adapting an installation that runs on Linux. I was only able to play for two days before I was overcome with curiosity -- I wrote to Chris, politely inquiring as to how it all came together. Read on below for a look into Chris's motivations, the state of the project, and just how deeply nested it can all get, when bringing games from early BBS days into the modern era.
Security

'Venom' Security Vulnerability Threatens Most Datacenters 95

Posted by Soulskill
from the holes-in-legacy-code dept.
An anonymous reader sends a report about a new vulnerability found in open source virtualization software QEMU, which is run on hardware in datacenters around the world (CVE-2015-3456). "The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines — including those owned by other people or companies." The vulnerable code is used in Xen, KVM, and VirtualBox, while VMware, Hyper-V, and Bochs are unaffected. "Dan Kaminsky, a veteran security expert and researcher, said in an email that the bug went unnoticed for more than a decade because almost nobody looked at the legacy disk drive system, which happens to be in almost every virtualization software." The vulnerability has been dubbed "Venom," for "Virtualized Environment Neglected Operations Manipulation."
United States

Microsoft-Backed Think Tank: K-12 CS Education Cure For Sagging US Productivity 131

Posted by samzenpus
from the cure-for-what-ails-you dept.
theodp writes: On May 6, notes think tank Brookings, the Department of Labor released labor productivity data showing that output per worker fell by 1.9 percent during the first quarter of 2015. But fear not — the Metropolitan Policy Program of [Microsoft-backed] Brookings says K-12 computer science education is the cure for what ails U.S. productivity: "So how can the United States reverse this trend? First, states, metropolitan areas, and school districts must recognize that basic digital literacy is no longer sufficient preparation for the 21st century workforce. Familiarity with higher-level skills such as coding will be critical as the role of technology continues to grow. The 60-plus school districts that have partnered with [Microsoft-backed] Code.org have already begun to move in this direction. By introducing students to computer science fundamentals early on, Code.org and its partner districts will help get more people on pathways to well-paying jobs in computer programming and other fields." Creating a national K-12 CS and tech immigration crisis was proposed as Microsoft introduced its 'two-pronged' National Talent Strategy to increase K-12 CS education and the number of H-1B visas at a Brookings event in 2012. While creating a K-12 CS crisis fell to Code.org, fanning the flames of a tech immigration crisis is the purvey of [Microsoft exec-backed] FWD.us, the PAC formed by Facebook CEO Mark Zuckerberg, which recently sent an email blast warning U.S. citizens they're in 'A Gigantic Global Talent War', adding that China and India citizens are "just laughing [at the US], saying it's so easy to pick from you guys... we just take all the talent."
Network

The Ambitions and Challenges of Mesh Networks and the Local Internet Movement 56

Posted by Soulskill
from the net-positives-and-net-negatives dept.
Lashdots writes: Two artists in New York are hatching a plan to teach kids about the internet by building their own. They'll be creating a small, decentralized network, similar to a mesh network, to access other computers, and they'll be developing their own simple social network to communicate with other people. It's part of a growing movement to supplement the Internet with resilient, local alternatives. "And yet, while the decentralized, ad hoc network architecture appeals philosophically to tech-savvy users fed up with monopolistic ISPs, nobody’s found a way to make mesh networks work easily and efficiently enough to replace home Internet connections. Built more for resiliency than for speed, each participating router must continuously search for the best paths to far-flung machines. For now, that makes them of limited interest to many ordinary consumers who simply want to check their email and watch movies."
Portables

Ask Slashdot: Most Chromebook-Like Unofficial ChromeOS Experience? 99

Posted by Soulskill
from the get-your-company-to-pay-for-it-wink-wink dept.
An anonymous reader writes: I am interested in Chromebooks, for the reasons that Google successfully pushes them: my carry-around laptops serve mostly as terminals, rather than CPU-heavy workhorses, and for the most part the whole reason I'm on my computer is to do something that requires a network connection anyhow. My email is Gmail, and without particularly endorsing any one element, I've moved a lot of things to online services like DropBox. (Some offline capabilities are nice, but since actual Chromebooks have been slowly gaining offline stuff, and theoretically will gain a lot more of that, soon, I no longer worry much about a machine being "useless" if the upstream connection happens to be broken or absent. It would just be useless in the same way my conventional desktop machine would be.) I have some decent but not high-end laptops (Core i3, 2GB-4GB of RAM) that I'd enjoy repurposing as Chromebooks without pedigree: they'd fall somewhat short of the high-end Pixel, but at no out-of-pocket expense for me unless I spring for some cheap SSDs, which I might.

So: how would you go about making a Chromebook-like laptop? Yes, I could just install any Linux distro, and then restrain myself from installing most apps other than a browser and a few utilities, but that's not quite the same; ChromeOS is nicely polished, and very pared down; it also seems to do well with low-memory systems (lots of the current models have just 2GB, which brings many Linux distros to a disk-swapping crawl), and starts up nicely quick.

It looks like the most "authentic" thing would be to dive into building Chromium OS (which looks like a fun hobby), but I'd like to find something more like Cr OS — only Cr OS hasn't been updated in quite a while. Perhaps some other browser-centric pared-down Linux would work as well. How would you build a system? And should I go ahead and order some low-end 16GB SSDs, which I now see from online vendors for less than $25?
Communications

VA Tech Student Arrested For Posting Perceived Threat Via Yik Yak 254

Posted by timothy
from the how-to-win-friends-and-influence-people dept.
ememisya writes: I wonder if I posted, "There will be another 12/7 tomorrow, just a warning." around December, would people associate it with Pearl Harbor and I would find myself arrested, or has enough time passed for people to not look at the numbers 12 and 7 and take a knee jerk reaction? A student was arrested for "Harassment by Computer" (a class 1 misdemeanor in the state of Virginia) due to his post on an "anonymous" website [Yik Yak]. Although the post in and of itself doesn't mean anything to most people in the nation, it managed to scare enough people locally for law enforcement agencies to issue a warrant for his arrest. "Moon, a 21-year-old senior majoring in business information technology, is being charged with Harassment by Computer, which is a class one misdemeanor. Tuesday night, April 28, a threat to the Virginia Tech community was posted on the anonymous social media app Yik Yak. Around 11:15 p.m., an unknown user posted 'Another 4.16 moment is going to happen tomorrow. Just a warning (sic).' The Virginia Tech Police Department released a crime alert statement Wednesday morning via email informing students that VTPD was conducting an investigation throughout the night in conjunction with the Blacksburg Police Department."
Security

CareerBuilder Cyberattack Delivers Malware Straight To Employers 48

Posted by timothy
from the where-it-hurts dept.
An anonymous reader writes: Security threat researchers Proofpoint have uncovered an email-based phishing attack which infected businesses with malware via the CareerBuilder online job search website. The attack involved the hacker browsing job adverts across the platform and uploading malicious files during the application process, titling the documents "resume.doc" and "cv.doc." Once the CV was submitted, an automatic email notification was sent to the business advertising the position, along with the uploaded document. In this case, Proofpoint found that as a business opens the automatic email from CareerBuilder to view the attached file, the document plays on a known Word vulnerability to sneak malicious code onto the victim's computer. According to the threat research group, the manual attack technique, although time-consuming, has a higher success rate than automated tools, as the email attachments are more likely to be opened by the receiver.
Security

Researcher Bypasses Google Password Alert For Second Time 35

Posted by timothy
from the if-you-watch-everything-you-lose-perspective dept.
Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using JavaScript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.
Security

Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines 180

Posted by timothy
from the just-where-you-least-expect-it dept.
An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.
Education

University Overrules Professor Who Failed Entire Management Class 355

Posted by timothy
from the aggies-being-aggies dept.
McGruber writes: After a semester of disrespect, backstabbing, lying, and cheating, Texas A&M Galveston Professor Irwin Horwitz had all he could take. He "sent a lengthy email to his Strategic Management class explaining that they would all be failing the course. He said the students proved to be incompetent and lack the maturity level to enter the workforce." Professor Horwitz's email cited examples of students cheating, telling him to "chill out," and inappropriate conduct. He said students spread untrue rumors about him online, and he said at one point he even felt the need to have police protection in class. "I was dealing with cheating, dealing with individuals swearing at me both in and out of class, it got to the point that the school had to put security guards at that class and another class," said Horwitz.

However, Vice President of Academic Affairs Dr. Patrick Louchouarn made it very clear that the failing grades won't stick. The department head will take over the class until the end of the semester, according to school officials.
Government

Indian Telecom Authority Releases a Million Email IDs, Taken Down By Hackers 21

Posted by samzenpus
from the naming-names dept.
knwny writes: In a bizarre move that threatens the privacy of over a million internet users in India, the Telecom Regulatory Authority of India (TRAI) has released the list of email IDs from which it received responses regarding net neutrality. Most of these responses were sent by the general public following a massively popular online campaign to protect Internet neutrality in India. The regulatory body says that it has received a large number of comments from the stakeholders on its Consultation paper on "Regulatory Framework for OTT services". So to aid the reading of comments, it has divided them into three blocks — "comments from the service providers," "comments from the service providers' association" and "comments from other stakeholders" (this includes individuals, organizations, consulting firms etc). In the meantime, the TRAI website remains inaccessible after a DDoS attack by Anonymous India, the hacker collective, apparently in retaliation for the data release.
United States

Officials Say Russian Hackers Read Obama's Unclassified Emails 109

Posted by samzenpus
from the lets-have-a-look dept.
An anonymous reader points out that Russian hackers reportedly obtained some of President Obama’s emails when the White House’s unclassified computer system was hacked last year. Some of President Obama's email correspondence was swept up by Russian hackers last year in a breach of the White House's unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation. The hackers, who also got deeply into the State Department's unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama's BlackBerry, which he or an aide carries constantly. But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.
Censorship

Irish Legislator Proposes Law That Would Make Annoying People Online a Crime 114

Posted by Soulskill
from the turn-yourselves-in-at-the-local-pub dept.
An anonymous reader sends this report from TechDirt: Is Ireland looking to pass a law that would "outlaw ebooks and jail people for annoying others?" Well, no, not really, but that's the sort of unintended consequences that follow when laws are updated for the 21st century using little more than a word swap. Ireland has had long-standing laws against harassment via snail mail, telephones and (as of 2007) SMS messages. A 2014 report by the government's somewhat troublingly-named "Internet Content Governance Advisory Group" recommended updating this section of the law to cover email, social media and other internet-related transmissions. ... The broad language -- if read literally -- could make emailing an ebook to someone a criminal offense. Works of fiction are, by definition, false. ... It's the vestigial language from previous iterations of the law -- words meant to target scam artists and aggressive telemarketers -- that is problematic. Simply appending the words "electronic communications" to an old law doesn't address the perceived problem (cyberbullying is cited in the governance group's report). It just creates new problems.
Apple

Apple Offers Expedited Apple Watch Order Lottery To Developers 74

Posted by samzenpus
from the your-number's-up dept.
An anonymous reader writes: Apple is sending out invites to random registered developers, giving them the chance to buy an Apple Watch with guaranteed delivery by the end of the month. "Special Opportunity for an Expedited Apple Watch Order," the invite email states. "We want to help give Apple developers the opportunity to test their WatchKit apps on Apple Watch as soon as it is available. You have the chance to purchase one (1) Apple Watch Sport with 42mm Silver Aluminum Case and Blue Sport Band that's guaranteed to ship by April 28, 2015."
Crime

Can Online Reporting System Help Prevent Sexual Assaults On Campus? 234

Posted by timothy
from the vote-early-and-often dept.
jyosim writes: Studies have shown that as many as 90 percent of campus rapes are committed by repeat offenders. A new system is designed to help identify serial assaulters, by letting students anonymously report incidents in order to look for patterns. But some argue that having the ability to report someone with just the click of a button may not be a good thing. Andrew T. Miltenberg, a New York lawyer who represents young men accused of sexual misconduct, says though the system seems well intended, he is concerned about dangers it may pose to students who are accused. 'We're all guilty of pressing send on an angry text or email that, had we had to put it into an actual letter and proofread, we probably wouldn't have sent,' he says.
Mars

Briny Water May Pool In Mars' Equatorial Soil 39

Posted by samzenpus
from the wet-around-the-middle dept.
astroengine writes: Mars may be a frigid desert, but perchlorate salts in the planet's soil are lowering the freezing temperature of water, setting up conditions for liquid brines to form at equatorial regions, new research from NASA's Curiosity rover shows. The discovery of subsurface water, even a trickle, around the planet's warmer equatorial belt defies current climate models, though spacecraft orbiting Mars have found geologic evidence for transient liquid water, a phenomenon termed "recurring slope lineae." The findings, published in this week's Nature Geoscience, are based on nearly two years' worth of atmospheric humidity and temperature measurements collected by the roving science laboratory Curiosity, which is exploring an ancient impact basin called Gale Crater near the planet's equator. The brines, computer models show, form nightly in the upper 2 inches of the planet's soil as perchlorates absorb atmospheric water vapor. As temperatures rise in the morning, the liquid evaporates. The levels of liquid, however, are too low to support terrestrial-type organisms, the researchers conclude. "It is not just a problem of water, but also temperature. The water activity and temperatures are so low in Mars that they are beyond the limits of cell reproduction and metabolism," Javier Martin-Torres, with Lulea University of Technology, in Kiruna, Sweden, wrote in an email to Discovery News.