
Is Code Auditing of Open Source Apps Necessary? (104 comments)

Posted by CmdrTaco on Wednesday December 23, @11:45AM
from the but-I-thought-there-were-no-bugs dept.
security
An anonymous reader writes "Following Sun Microsystems' decision to release a raft of open source applications to support its secure cloud computing strategy, companies may be wondering if they should conduct security tests of their customized open source software before deployment. While the use of encryption and VPNs to extend a secure bridge between a company IT resource and a private cloud facility is very positive — especially now that Amazon is beta testing its pay-as-you-go private cloud facility — it's important that the underlying application code is also secure. What do you think?"

Intel Patches Flaws In Trusted Execution Tech (83 comments)

Posted by kdawson on Tuesday December 22, @10:43PM
from the trusting-trust dept.
intel
An anonymous reader writes "Joanna Rutkowska's company Invisible Things Lab has issued the results of their research into flaws in Intel's Trusted Execution Technology (TXT), whose function is to provide a mechanism for safe loading of system software and to protect sensitive files. ITL describes how flaws in TXT can be used to compromise the integrity of software loaded via an Intel TXT-based loader in a generic way, fully circumventing any protection TXT is supposed to provide. The attack exploits an implementation error in the so-called SINIT Authenticated Code modules and that could potentially allow a malicious attacker to elevate their privileges. Intel has released a patch for the affected chipsets, which include the Q35, GM45, PM45 Express, Q45, and Q43 Express." Here are ITL's press release (PDF) and Intel's advisory.

Citibank Denies Reported Breach Linked To Russian Gang (53 comments)

Posted by kdawson on Tuesday December 22, @06:01PM
from the no-russians-in-here-no-siree dept.
security
alphadogg writes "US authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by criminals using Russian software tailored for the attack, according to the Wall Street Journal (subscription required to access that link — CNET's coverage here). The security breach at the major US bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, the WSJ reported today, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography, and spam. The FBI is probing the case, the report said. It was not known whether the money had been recovered and a Citibank representative said the company denied any system breach or losses, according to the report."

Windows 7 May Finally Get IPv6 Deployed (259 comments)

Posted by kdawson on Tuesday December 22, @03:49PM
from the whatever-it-takes dept.
networking
Esther Schindler writes "According to this article at IT Expert Voice, Windows 7 and IPv6: Useful at Last?, we've had so many predictions that this will be 'the year of IPv6' that most of us have stopped listening. But the network protocol may have new life breathed into it because IPv6 is a requirement for DirectAccess. DirectAccess, a feature in Windows 7, makes remote access a lot easier — and it doesn't require a VPN. (Lisa Vaas interviews security experts and network admins to find out what they think of that idea.) The two articles examine the advantages and disadvantages of DirectAccess, with particular attention to the possibility that Microsoft's sponsorship may give IPv6 the deployment push it has lacked."

Microsoft Policies Help Virus Writers, Says Security Firm (163 comments)

Posted by timothy on Tuesday December 22, @12:00PM
from the this-door-to-remain-unlocked-at-all-times dept.
windows
Barence writes "Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC because 'they are not at risk of infection.' Trend Micro warns that by making such information available, Microsoft is effectively creating a hit list for malware writers. 'Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one,' the company's researcher, David Sancho, writes on the Trend Micro blog."

Cyber-Security Czar To Be Named (133 comments)

Posted by kdawson on Tuesday December 22, @08:20AM
from the lightning-rod-for-blame dept.
government
The Washington Post and everybody else is reporting that on Tuesday President Obama will name Howard A. Schmidt as cyber-security czar. Schmidt was an advisor to President Bush on cyber-security matters. The Post rehearses the reasons why the Obama administration has had difficulty in finding someone for the post, and notes that the turf battles did not start in this administration: "Schmidt was chosen after a long process in which dozens of people were sounded out. Many declined the post, largely out of concern that the job conferred much responsibility with little true authority, some of them said. Meanwhile, the cybersecurity chief at the National Security Council, Christopher Painter, has served as the de facto coordinator, trying to push ahead the 60-day cyberspace policy review plan unveiled by Obama in May. That plan's formulation was led by Melissa Hathaway, who resigned in frustration in August after delays in naming a cyber-coordinator. She had been a contender for the position... Schmidt served as special adviser for cyberspace security from 2001 to 2003 and shepherded the National Strategy to Secure Cyberspace, a plan that then was largely ignored. He left that job also frustrated, colleagues said."

Malware and Botnet Operators Going ISP (131 comments)

Posted by ScuttleMonkey on Monday December 21, @04:53PM
from the spam-is-big-business dept.
security
Trailrunner7 writes to mention that malware and botnet operators appear to be escalating to the next level by setting up their own virtual data centers. This elevates the criminals to the ISP level, making it much harder to stop them. "The criminals will buy servers and place them in a large data center and then submit an application for a large block of IP space. In some cases, the applicants are asked for nothing more than a letter explaining why they need the IP space, security researchers say. No further investigation is done, and once the criminals have the IP space, they've taken a layer of potential problems out of the equation. 'It's gotten completely out of hand. The bad guys are going to some local registries in Europe and getting massive amounts of IP space and then they just go to a hosting provider and set up their own data centers,' said Alex Lanstein, senior security researcher at FireEye, an anti-malware and anti-botnet vendor. 'It takes one more level out of it: You own your own IP space and you're your own ISP at that point.'"

DECAF Was Just a Stunt, Now Over (206 comments)

Posted by ScuttleMonkey on Friday December 18, @01:49PM
from the insecure-security dept.
microsoft
An anonymous reader writes to tell us of the de-activation of all copies of DECAF. The creators have announced that the DECAF project was nothing more than a "stunt to raise awareness for security and the need for better forensic tools." Originally DECAF was billed as a tool to stop Microsoft's forensic tool "COFEE" and was covered here earlier this week. In addition to their message of security the authors somehow manage to interject a discussion about religion, so who knows what the real goal was.

Yes, Google Does De-List Pages; But When? (133 comments)

Posted by kdawson on Friday December 18, @01:04PM
from the how-offensive-is-too-offensive dept.
google
Frequent Slashdot contributor Bennett Haselton writes "Google finds itself inserting a disclaimer once again above some offensive search results. But the disclaimer still leads many to believe (incorrectly) that Google doesn't tamper with search results even in cases of 'harmful' or 'offensive' material. We know that Google has in fact de-listed some pages at the request of offended parties. What is their real policy on the issue?" Read on for Bennett's essay.

Firefox Mobile Threatens Mobile App Stores, Says Mozilla (277 comments)

Posted by timothy on Thursday December 17, @06:20PM
from the race-to-the-bottom-price dept.
mozilla
Barence writes "Mozilla claims that its new Firefox Mobile browser could be the beginning of the end for the hugely popular app stores created by Apple and its ilk. Mozilla claims Firefox Mobile will have the fastest Javascript engine of any mobile browser, and that will allow developers to write apps once for the web, instead of multiple versions for the different mobile platforms. 'As developers get more frustrated with quality assurance, the amount of handsets they have to buy, whether their security updates will get past the iPhone approval process ... I think they'll move to the web,' Mozilla's mobile VP, Jay Sullivan, told PC Pro. 'In the interim period, apps will be very successful. Over time, the web will win because it always does.'"

Autonomous Intelligent Botnets Bouncing Back (152 comments)

Posted by CmdrTaco on Thursday December 17, @09:21AM
from the duck-and-cover dept.
security
coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."

Computer Scientist Looks At ICBM Security (124 comments)

Posted by samzenpus on Thursday December 17, @07:57AM
from the two-man-job dept.
military
An anonymous reader writes "Computer security guru Matt Blaze takes a tour of a decommissioned ICBM complex in Arizona. Cool photos, insightful perspective on two man control, perimeter security, human factors and why we didn't blow ourselves up. From the article: 'The most prominent security mechanism at the Titan site, aside from the multiple layers of thick blast-proof entry doors and the fact that the entire complex is buried underground, was procedural: almost all activities required two person control. Everywhere outside of the kitchen, sleeping quarters and toilet were "no lone zones" where a second person had to be present at all times, even for on-duty members of the launch crews.'"

Doom-Like Video Surveillance For Ports In Development (56 comments)

Posted by Soulskill on Thursday December 17, @05:48AM
from the hurt-me-plenty dept.
security
oranghutan writes "A research and development group down under is working to develop an advanced video surveillance system for ports around the world that uses video superimposed onto a 3D map. With 16-megapixel high-definition cameras on a distributed (cabled) network and a proprietary system written in a variety of languages (C++, Python, SQL, etc.), the group from NICTA is aiming to allow security teams at the Port of Brisbane — which is 110km long — to monitor shipping movements, cargo and people. By scrolling along a 3D map, the security teams can click on a location and then get a real-time video feed superimposed onto the map. Authorities from around the world with the right permissions can then access the same system. The main difference from regular surveillance systems is the ability to switch views without having to know camera numbers/locations and the one screen view."

Sam Ramji Answers Your Questions (79 comments)

Posted by ScuttleMonkey on Wednesday December 16, @03:00PM
from the horse's-mouth dept.
microsoft
A couple of weeks back you asked some questions of new CodePlex Foundation President Sam Ramji. He has responded and expressed interest in participating in the discussion at some point. If you have follow-up questions, feel free to drop them in the discussion so he can address them as he has time.

Israeli Border Police Shoot US Student's Laptop (927 comments)

Posted by kdawson on Wednesday December 16, @05:37AM
from the no-less-no-more dept.
security
zerothink writes "American student Lily Sussman, 21, upon entry into Israel from Taba (Egypt, Sinai) caught Israeli border police in a grumpy mood — after two hours of questions and searching through her belongings they decided to put three bullets through her laptop. Explanation? 'I'm sorry but we had to blow up your laptop.' Haaretz also covered the story." All three bullets missed the hard disk.

Gravatars Can Leak Users' Email Addresses (170 comments)

Posted by kdawson on Wednesday December 16, @12:20AM
from the chatty-little-things dept.
security
abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."

Hackers Counter Microsoft COFEE With Some DECAF (154 comments)

Posted by kdawson on Tuesday December 15, @10:36PM
from the please-mister-moto dept.
microsoft
An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

What Is the State of Linux Security DVR Software? (111 comments)

Posted by timothy on Tuesday December 15, @11:51AM
from the peer-out-of-the-basement dept.
security
StonyCreekBare writes "I am wondering what slashdotters have to offer on the idea of Linux-based security systems, especially DVR software. I am aware of Zoneminder, but wonder what else is out there? Are there applications that will not only monitor video cameras, but motion sensors and contact closure alarms? What is the state of the art in this area, and how do the various Linux platforms stack up in comparison to dedicated embedded solutions? Will these 'play nice' with other software, such as Asterisk, and Misterhouse? Can one server host three or four services applications of this nature, assuming CPU/memory/disk resources are sufficient?"

Adobe Warns of Reader, Acrobat Attack (195 comments)

Posted by timothy on Tuesday December 15, @11:03AM
from the gnome's-reader's-pretty-good-y'know dept.
security
itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."

Cybersecurity Czar Job Is Useless, Says Spafford (104 comments)

Posted by Soulskill on Monday December 14, @03:46PM
from the federal-whipping-czar dept.
security
Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."
