Security

Tor Is Building the Next Generation Dark Net With Funding From DARPA 35

Posted by Soulskill
from the seek-and-go-hide dept.
Patrick O'Neill writes: After years of relative neglect, Tor has been able to dedicate increasing time and resources to its hidden services thanks to funding in part by DARPA, as well as an upcoming crowdfunding campaign. DARPA's funding lasts 1-3 years and covers several projects including security and usability upgrades that close the gap between hidden services and the everyday Internet. "Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites. ... Hidden services, which make up about 4 percent of the entire Tor network, have until recently been relatively neglected when it comes to funding and developing."
Television

Netflix Is Betting On Exclusive Programming 145

Posted by Soulskill
from the you-did-say-you-wanted-a-la-carte dept.
An anonymous reader writes: You may have heard of the recent launch of the new Daredevil TV show, and possibly the hit shows House of Cards and Orange is the New Black. They're all original programming from Netflix — the company that used to just mail DVDs to your door. But Netflix is now running a lot more than just those three shows — it has 320 hours of original programming planned for this year. This article discusses how Netflix is betting big on original, exclusive content, and what that means for the future of television. "Traditionally, television networks needed to stand for something to carve out an audience, he said, whereas the Internet allows brands to mean different things to different people because the service can be personalized for individual viewers. That means that for a conservative Christian family, Netflix should stand for wholesome entertainment, and, for a 20-year-old New York college student, it should be much more on the edge, he said.... 'We've had 80 years of linear TV, and it's been amazing, and in its day the fax machine was amazing,' he said. 'The next 20 years will be this transformation from linear TV to Internet TV.'"
Security

How Security Companies Peddle Snake Oil 51

Posted by Soulskill
from the but-this-snake-oil-is-in-the-cloud! dept.
penciling_in writes: There are no silver bullets in Internet security, warns Paul Vixie in a co-authored piece along with Cyber Security Specialist Frode Hommedal: "Just as 'data' is being sold as 'intelligence', a lot of security technologies are being sold as 'security solutions' rather than what they really are: very narrow-focused appliances that, as a best case, can be part of your broader security effort." We have to stop playing "cops and robbers" and pretending that all of us are potential targets of nation-states, or pretending that any of our security vendors are like NORAD, warn the authors.

Vixie adds, "We in the Internet security business look for current attacks and learn from those how to detect and prevent those attacks and maybe how to predict, detect, and prevent what's coming next. But rest assured that there is no end game — we put one bad guy in prison for every hundred or so new bad guys who come into the field each month. There is no device or method, however powerful, which will offer a salient defense for more than a short time. The bad guys endlessly adapt; so must we. Importantly, the bad guys understand how our systems work; so must we."
The Internet

Why the Journey To IPv6 Is Still the Road Less Traveled 288

Posted by samzenpus
from the that-has-made-all-the-difference dept.
alphadogg writes The writing's on the wall about the short supply of IPv4 addresses, and IPv6 has been around since 1999. Then why does the new protocol still make up just a fraction of the Internet? Though IPv6 is finished technology that works, rolling it out may be either a simple process or a complicated and risky one, depending on what role you play on the Internet. And the rewards for doing so aren't always obvious. For one thing, making your site or service available via IPv6 only helps the relatively small number of users who are already set up with the protocol, creating a nagging chicken-and-egg problem.
Crime

New Dark Web Market Is Selling Zero-Day Exploits 28

Posted by samzenpus
from the finest-crime dept.
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.

Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Businesses

Comcast and TWC Will Negotiate With Officials To Save Their Merger 86

Posted by samzenpus
from the lets-talk-about-this dept.
An anonymous reader writes with news about Comcast and Time Warner Cable's attempt to keep their proposed merger alive. "Comcast Corp. and Time Warner Cable Inc. are slated to sit down for the first time on Wednesday with Justice Department officials to discuss potential remedies in hopes of keeping their $45.2 billion merger on track, according to people familiar with the matter. The parties haven't met face-to-face to hash out possible concessions in the more than 14 months since the deal was announced. Staffers at both the Justice Department and the Federal Communications Commission remain concerned a combined company would wield too much power in the broadband Internet market and give it unfair competitive leverage against TV channel owners and new market entrants that offer video programming online, said people with knowledge of the review."
Security

Chrome 43 Should Help Batten Down HTTPS Sites 70

Posted by timothy
from the yes-yes-we-know dept.
River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't be modified or is difficult to modify. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag a 'mixed-content warning' in the form of a yellow triangle over the padlock.
Google

Google To Propose QUIC As IETF Standard 84

Posted by timothy
from the ok-now-do-it-this-way dept.
As reported by TechCrunch, "Google says it plans to propose HTTP2-over-QUIC to the IETF as a new Internet standard in the future," having disclosed a few days ago that about half of the traffic from Chrome browsers is using QUIC already. From the article: The name "QUIC" stands for Quick UDP Internet Connection. UDP's (and QUIC's) counterpart in the protocol world is basically TCP (which in combination with the Internet Protocol (IP) makes up the core communication language of the Internet). UDP is significantly more lightweight than TCP, but in return, it features far fewer error correction services than TCP. ... That's why UDP is great for gaming services. For these services, you want low overhead to reduce latency and if the server didn't receive your latest mouse movement, there's no need to spend a second or two to fix that because the action has already moved on. You wouldn't want to use it to request a website, though, because you couldn't guarantee that all the data would make it. With QUIC, Google aims to combine some of the best features of UDP and TCP with modern security tools.
The Internet

Ask Slashdot: What Features Would You Like In a Search Engine? 261

Posted by timothy
from the esp-heads-the-list dept.
New submitter nicolas.slusarenko writes Nowadays, there is one dominant search engine in the world among few alternatives. I have the impression that the majority of users think that it is the best possible service that could be made. I am sure that we could have a better search engine. During my spare time I have been developing Trokam, an online search engine. I am building this service with the features that I would like to find in a service: respectful of user rights, ad-free, built upon open source software, and with auditable results. Well, those are mine. What features would you like in a search engine?
Businesses

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA 147

Posted by timothy
from the be-right-over-here-guys dept.
Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.
Google

Google Ready To Unleash Thousands of Balloons In Project Loon 48

Posted by timothy
from the buncha-crazies dept.
jfruh writes Google has figured out how to produce an Internet-broadcast balloon in a few hours, and is on the verge of unleashing Project Loon onto the world. The project, which will work with ISPs to beam LTE cellular signals to remote regions that don't have Internet access, will be working with local ISPs rather than selling broadband directly to customers.
AMD

AMD Withdraws From High-Density Server Business 129

Posted by samzenpus
from the stop-the-bleeding dept.
An anonymous reader sends word that AMD has pulled out of the market for high-density servers. "AMD has pulled out of the market for high-density servers, reversing a strategy it embarked on three years ago with its acquisition of SeaMicro. AMD delivered the news Thursday as it announced financial results for the quarter. Its revenue slumped 26 percent from this time last year to $1.03 billion, and its net loss increased to $180 million, the company said. AMD paid $334 million to buy SeaMicro, which developed a new type of high-density server aimed at large-scale cloud and Internet service providers."
Security

Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics 113

Posted by timothy
from the this-postcard-is-just-an-atom-bomb dept.
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight Wi-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
The Internet

India's Net Neutrality Campaign Picks Up Steam, Sites Withdraw From Internet.org 75

Posted by samzenpus
from the leaving-the-ship dept.
First time accepted submitter arvin (916235) writes The Huffington Post reports on prominent Indian websites withdrawing from Facebook's internet.org initiative. The net neutrality debate in the country has focused on zero-rating, where ISPs offer a free data plan which provides access to a set of websites that pay to be included. Internet.org provides free access to Facebook, Bing, Wikipedia and a few other websites. Another similar service, Airtel Zero, lost its flagship partner as e-commerce company Flipkart withdrew following a social media backlash.

Net neutrality activists believe that as these plans proliferate, access to the open internet will become extremely expensive or unavailable, innovation will slow as startups are prevented from reaching the market, and the competitive consumer ISP market will be replaced with a cartel negotiating against internet companies. In a campaign similar to that in the US, over 630,000 Indians sent responses to their regulator through the website savetheinternet.in.
Technology

The Crazy-Tiny Next Generation of Computers 104

Posted by samzenpus
from the getting-small dept.
An anonymous reader writes University of Michigan professors are about to release the design files for a one-cubic-millimeter computer, or mote. They have finally reached a goal set in 1997, when UC Berkeley professor Kristopher Pister coined the term "smart dust" and envisioned computers blanketing the Earth. Such motes are likely to play a key role in the much-ballyhooed Internet of Things. From the article: "When Prabal Dutta accidentally drops a computer, nothing breaks. There’s no crash. The only sound you might hear is a prolonged groan. That’s because these computers are just one cubic millimeter in size, and once they hit the floor, they’re gone. 'We just lose them,' Dutta says. 'It’s worse than jewelry.' To drive the point home, Dutta, an assistant professor of electrical engineering at the University of Michigan, emails me a photo of 50 of these computers. They barely fill a thimble halfway to its brim."
Transportation

GAO Warns FAA of Hacking Threat To Airliners 78

Posted by Soulskill
from the not-agile-enough-to-respond dept.
chicksdaddy writes: A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing to address cyber security vulnerabilities that could allow remote attacks on avionics systems needed to keep the plane airborne. In a report issued Tuesday (PDF), the GAO said, "significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems.

The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.

Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Power

Researchers Design a Self-Powered Digital Camera 85

Posted by Soulskill
from the thankfully-not-a-selfie-powered-camera dept.
Jason Koebler writes: Researchers at Columbia University have designed a fully electric digital camera that powers itself using ambient light. Put in a well-lit room, it would work indefinitely. The camera's image sensor does double duty. It measures the light needed to make the photograph, and it also takes excess light and uses it to power a capacitor (it has no battery) that runs the camera (PDF). The research team says the technology can be used to create self-powered cameras that can live on the internet of things.
The Almighty Buck

'We the People' Petition To Revoke Scientology's Tax Exempt Status 699

Posted by Soulskill
from the brought-to-you-by-years-of-pointless-irritation dept.
An anonymous reader writes: There has been a lot of interest in the activities of the Church of Scientology recently, especially since the release of Alex Gibney's documentary Going Clear. A petition against tax-exempt status for Scientology has been started on the U.S. White House petition website. If it receives more than 100,000 signatures, it will qualify for an official White House response. Even Slashdot has had its own run-ins with Scientology in the past — one of many internet sites to face legal threats from the Church. Has the time come for Scientology to go "clear?"
Crime

Allegation: Lottery Official Hacked RNG To Score Winning Ticket 342

Posted by timothy
from the his-number-was-up dept.
SternisheFan writes with this excerpt from Ars Technica about what may be the most movie-worthy real-life crime story of the year so far: Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners, The Des Moines Register reported, citing court documents filed by prosecutors. At the time, Tipton was the information security director of the Multi-State Lottery Association, and he was later videotaped purchasing a Hot Lotto ticket that went on to fetch the winning $14.3 million payout.

In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren't connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.

"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant. It is a reasonable deduction to infer that defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."
The Internet

Republicans Introduce a Bill To Overturn Net Neutrality 441

Posted by Soulskill
from the not-neutrality dept.
New submitter grimmjeeper writes: IDG News reports, "A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission's recently passed net neutrality rules. The legislation (PDF), introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process."

This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over.
The legislation was only proposed now because the FCC's net neutrality rules were just published in the Federal Register today. In addition to the legislation, a new lawsuit was filed in the U.S. Court of Appeals for the District of Columbia Circuit by USTelecom, a trade group representing ISPs.