Security

Building a Honeypot To Observe Shellshock Attacks In the Real World 29

Posted by timothy
from the distract-them-with-fresh-targets dept.
Nerval's Lobster writes A look at some of the Shellshock-related reports from the past week makes it seem as if attackers are flooding networks with cyberattacks targeting the vulnerability in Bash that was disclosed last week. While the attackers haven't wholesale adopted the flaw, there have been quite a few attacks—but the reality is that attackers are treating the flaw as just one of many methods available in their tool kits. One way to get a front-row seat of what the attacks look like is to set up a honeypot. Luckily, threat intelligence firm ThreatStream released ShockPot, a version of its honeypot software with a specific flag, "is_shellshock," that captures attempts to trigger the Bash vulnerability. Setting up ShockPot on a Linux server from cloud host Linode.com is a snap. Since attackers are systematically scanning all available addresses in the IPv4 space, it's just a matter of time before someone finds a particular ShockPot machine. And that was definitely the case, as a honeypot set up by a Dice (yes, yes, we know) tech writer captured a total of seven Shellshock attack attempts out of 123 total attacks. On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug. PHP was the most common attack method observed on this honeypot, with various attempts to trigger vulnerabilities in popular PHP applications and to execute malicious PHP scripts.
Bug

Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws 58

Posted by timothy
from the steady-as-she-goes dept.
darthcamaro writes Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee jerk type reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues? And if it's not, what is?
United Kingdom

UK Copyright Reforms Legalize Back-Ups, Protect Parody 36

Posted by timothy
from the thank-you-sirs-may-I-copy-another? dept.
rastos1 writes A law has come into effect that permits UK citizens to make copies of CDs, MP3s, DVDs, Blu-rays and e-books. Consumers are allowed to keep the duplicates on local storage or in the cloud. While it is legal to make back-ups for personal use, it remains an offence to share the data with friends or family. Users are not allowed to make recordings of streamed music or video from Spotify and Netflix, even if they subscribe to the services. Thirteen years after iTunes launched, it is now legal to use it to rip CDs in the UK. Just as interesting are the ways that the new UK law explicitly, if imperfectly, protects parody.
Open Source

Linux Foundation Announces Major Network Functions Virtualization Project 40

Posted by Soulskill
from the building-future-tech dept.
Andy Updegrove writes: The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought.
Graphics

Adobe Photoshop Is Coming To Linux, Through Chromebooks 194

Posted by timothy
from the scared-of-a-little-gimp-action-eh dept.
sfcrazy writes Adobe is bringing the king of all photo editing software, Photoshop, to Linux-based Chrome OS. Chrome OS-powered devices, such as Chromebooks and Chromeboxes, already have a decent line-up of 'applications' that can work offline and eliminate the need of a traditional desktop computer. So far it sounds like great news. The bad news is that the offering is in its beta stage and is available only to the customers of the Creative Cloud Education program residing in the U.S. I have a full subscription of Creative Cloud for Photographers, and LightRoom, but even I can't join the program at the moment.
Cloud

CloudFlare Announces Free SSL Support For All Customers 66

Posted by Soulskill
from the big-step-in-the-right-direction dept.
Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services, announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.
Businesses

Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures? 97

Posted by samzenpus
from the a-little-help-please dept.
kyle11 writes I'm scratching my head at how to develop a decent wiki for a large organization I work in. We support multiple technologies, across multiple locations, and have ways of doing things that become exponentially convoluted. I give IT training to many of these users for a particular technology, and other people do for other stuff as well. Now, I hate wikis because everyone who did one before failed and gave them a bad name. If it starts wrong, it is doomed to failure and irrelevance.

What I'm looking for would be something like a Wiki with YouTube built in — make a playlist of videos with embedded links for certain job based tasks. And reuse and recycle those videos in other playlists of other tasks as they may be applicable. It would go beyond the actual IT we work with and would include things like, "Welcome to working in this department. Here are 20 videos detailing stupid procedures you need to go through to request access to customers' systems/networks/databases to even think about doing your job." I tried MediaWiki and Xwiki, and maybe I'm doing it wrong, but I can't seem to find a way to tweak them to YouTube-level simplicity for anyone to contribute to without giving up on the thing because it's a pain in the butt.

My only real requirement is that it not be cloud-based because it will contain certain sensitive information and I'd like it all to live on one virtual machine if at all possible. I can't be the only one with this problem of enabling many people to contribute and sort their knowledge without knowing how an HTML tag works, or copying files into something more complicated than a web browser. What approaches have any of you out there taken to trying to solve a similar problem?
EU

EU Gives Google Privacy Policy Suggestions About Data Protection 42

Posted by samzenpus
from the do-it-this-way dept.
itwbennett writes In a letter to Google (PDF) that was published Thursday, the Article 29 Working Party, an umbrella group for European data protection authorities, said Google's privacy policy, in addition to being clear and unambiguous, should also include an exhaustive list of the types of personal data processed. But if all that information is overwhelming to users, Google should personalize the privacy policy to show users only the data processing it is performing on their data.
Graphics

Euclideon Teases Photorealistic Voxel-Based Game Engine 132

Posted by timothy
from the how-many-holy-grails-are-there? dept.
MojoKid writes Not many would argue that current console and PC graphics technologies still haven't reached a level of "photo-realism." However, a company by the name of Euclideon is claiming to be preparing to deliver that holy grail based on laser scanning and voxel engine-based technologies. The company has put together a six-minute video clip of its new engine, and it's genuinely impressive. There's a supposed-to-be-impressive unveil around the two minute mark where the announcer declares he's showing us computer-generated graphics rather than a digital photo — something you'll probably have figured out long before that point. Euclideon's proprietary design purportedly uses a laser scanner to create a point cloud model of a real-world area. That area can then be translated into a voxel renderer and drawn by a standard GPU. Supposedly this can be done so efficiently and with such speed that there's no need for conventional load screens or enormous amounts of texture memory but rather by simply streaming data off conventional hard drives. Previously, critiques have pointed to animation as one area where the company's technique might struggle. Given the ongoing lack of a demonstrated solution for animation, it's fair to assume this would-be game-changer has some challenges still to solve. That said, some of the renderings are impressive.
Bug

Amazon Forced To Reboot EC2 To Patch Bug In Xen 94

Posted by timothy
from the failure-to-achieve-xen dept.
Bismillah writes AWS is currently emailing EC2 customers that it will need to reboot their instances for maintenance over the next few days. The email doesn't explain why the reboots are being done, but it is most likely to patch for the embargoed XSA-108 bug in Xen. ZDNet takes this as a spur to remind everyone that the cloud is not magical. Also at The Register.
Communications

Facebook To Start Testing Internet-Beaming Drones In 2015 42

Posted by timothy
from the don't-worry-that's-next-year dept.
Zothecula writes There was an understandable amount of skepticism when Amazon announced its grand plans for delivery drones last year. But if the last twelve months are any indication, Jeff Bezos and his fellow tech heavyweights are actually kinda serious about the potential of unmanned aerial vehicles. Speaking at the Social Good Summit in New York on Monday, engineering director at Facebook Connectivity Lab, Yael Maguire, has further detailed the company's vision of internet-carrying drones, with plans to begin testing in 2015.
Space

Water Discovered In Exoplanet Atmosphere 50

Posted by samzenpus
from the it's-getting-damp-in-here dept.
PattonPending sends news of the discovery of the smallest exoplanet yet to have water vapor in its atmosphere. Astronomers have detected water vapor in the atmosphere of a planet that orbits a star far beyond our solar system. Observations of the Neptune-sized planet, which lies 120 light years from Earth in the constellation of Cygnus, revealed that its atmosphere was mostly hydrogen with around 25% made up from water vapour. Until now, researchers have been frustrated in their efforts to study the atmospheres of planets much smaller than Jupiter because their skies were thick with clouds. The problem was so persistent that astronomers had begun to think that all warm, small planets formed with substantial cloud cover. But writing in the journal Nature, scientists in the U.S. describe how they found a Neptune-sized planet with cloud-free skies, enabling them to make detailed measurements of a small planet's atmosphere for the first time.
Cloud

Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March 93

Posted by samzenpus
from the heads-up dept.
blottsie writes Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. In a March 26 email, security researcher Ibrahim Balic tells an Apple official that he's successfully bypassed a security feature designed to prevent "brute-force" attacks. Balic goes on to explain to Apple that he was able to try over 20,000 password combinations on any account.
Google

Not Just Netflix: Google Challenges Canada's Power To Regulate Online Video 109

Posted by samzenpus
from the you're-not-the-boss-of-me dept.
An anonymous reader writes Yesterday's report on the regulatory battle between Netflix and Canada's broadcast regulator has now grown as Google has jumped into the fight. Faced with similar demands from the CRTC, Google has refused to provide it with requested information, arguing that it is not part of the Canadian broadcast system and not subject to CRTC regulation. "The Google position is notable because it is presumably not based on the question of presence within Canada, since Google maintains a significant Canadian presence. Rather, the core challenge will likely focus on whether a service such as Youtube (which once went by the slogan “Broadcast Yourself”) can properly be characterized as broadcasting for the purposes of current Canadian law."
Canada

Netflix Rejects Canadian Regulator Jurisdiction Over Online Video 184

Posted by timothy
from the on-what-authority dept.
An anonymous reader writes "Last week's very public fight between the CRTC and Netflix escalated on Monday as Netflix refused to comply with Commission's order to supply certain confidential information including subscriber numbers and expenditures on Canadian children's content. While the disclosure concerns revolve around the confidentiality of the data, the far bigger issue is now whether the CRTC has the legal authority to order it to do anything at all. Michael Geist reports that Netflix and Google are ready to challenge it in a case that could head to the Supreme Court of Canada."
