Sony

Did North Korea Really Attack Sony? 62

Posted by samzenpus
from the who's-to-blame dept.
An anonymous reader writes "Many security experts remain skeptical of North Korea's involvement in the recent Sony hacks. Schneier writes: "Clues in the hackers' attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one, since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It's easy to fake, and it's even easier to interpret it incorrectly. In general, it's a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the "evidence" to suit the narrative they already have worked out in their heads.""
Sony

Sony To Release the Interview Online Today; Apple Won't Play Ball 161

Posted by samzenpus
from the watch-it-now dept.
An anonymous reader writes "The BBC reports: "Sony Pictures is to distribute its film The Interview online, after a cyber-attack and a row over its release. The film will be offered on a dedicated website — seetheinterview.com — as well as via Google and Microsoft services." Notably absent among the services to provide The Interview is Apple. The New York Times reports: "According to people briefed on the matter, Sony had in recent days asked the White House for help in lining up a single technology partner — Apple, which operates iTunes — but the tech company was not interested, at least not on a speedy time table. An Apple spokesman declined to comment."
Security

Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program 103

Posted by Soulskill
from the flipping-bits-for-fun-and-profit dept.
New submitter Pelam writes: Researchers from Carnegie Mellon and Intel report that a large percentage of tested regular DDR3 modules flip bits in adjacent rows (PDF) when a voltage in a certain control line is forced to fluctuate. The program that triggers this is dead simple — just two memory reads with special relative offset and some cache control instructions in a tight loop. The researchers don't delve deeply into applications of this, but hint at possible security exploits. For example a rather theoretical attack on JVM sandbox using random bit flips (PDF) has been demonstrated before.
Open Source

Docker Image Insecurity 68

Posted by Soulskill
from the totally-secure-for-undefined-values-of-secure dept.
An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line:

ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities."
Docker's lead security engineer has responded here.
Portables (Apple)

Thunderbolt Rootkit Vector 157

Posted by Soulskill
from the like-USB-but-better dept.
New submitter Holi sends this news from PC World: Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year-old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.
OS X

Apple Pushes First Automated OS X Security Update 110

Posted by timothy
from the little-cat-feet dept.
PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.
Upgrades

Samsung Announces Production of 20nm Mobile LPDDR4, Faster Than Desktop DDR4 41

Posted by timothy
from the leapfrog-is-fun dept.
MojoKid writes Samsung announced today that it has begun volume production of its 8Gb LPDDR4 memory chips, with expected commercial shipments in 2015. The announcement is noteworthy for a number of reasons. First, one of the most important characteristics of a modern mobile device is its battery life, and moving to a new memory standard should significantly reduce the memory subsystem's power consumption. Second, however, there's the clock speed. Samsung is claiming that its LPDDR4 will hit 3.2GHz, and while bus widths on mobile parts are significantly smaller than the 64-bit channels that desktops use, the higher clock speed per chip will help close that gap. In fact, multiple vendors have predicted that LPDDR4 clock speeds will actually outpace standard DDR4, with a higher amount of total bandwidth potentially delivered to tablets and smartphones than conventional PCs will see. In addition, the power savings are expected to be substantial.
Businesses

JP Morgan Breach Tied To Two-Factor Authentication Slip 71

Posted by timothy
from the something-borrowed-something-blue dept.
itwbennett writes The attackers who stole information about 83 million JPMorgan Chase customers earlier this year gained a foothold on the company's network because a server reportedly lacked two-factor authentication, despite the company's practice of using two-factor authentication on most of its systems. The story, reported in the New York Times, echoes the warnings of security experts over the years that the breach of a single server or employee computer can put an entire network at risk.
Networking

NetworkManager 1.0 Released After Ten Years Development 155

Posted by Soulskill
from the good-things-come-for-those-who-wait dept.
An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.
United States

North Korean Internet Is Down 357

Posted by samzenpus
from the right-back-at-you dept.
First time accepted submitter opentunings writes "Engadget and many others are reporting that North Korea's external Internet access is down. No information yet regarding whether anyone's taking responsibility. From the NYT: "Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline. 'Their networks are under duress,' Mr. Madory said. 'This is consistent with a DDoS attack on their routers,' he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load."
Transportation

TSA Has Record-Breaking Haul In 2014: Guns, Cannons, and Swords 275

Posted by samzenpus
from the return-you-rifle-to-a-upright-and-locked-position dept.
An anonymous reader writes The TSA has gathered an impressive pile of confiscated weapons this year. In early November the agency had already discovered 1,855 firearms at checkpoints. In addition to guns, they've also collected machetes, hatchets, swords, giant scissors, brass knuckles, cannonballs, bear repellent and, this past October, an unloaded cannon. "Maybe someone has a lucky inert grenade they brought back from some war, or a nice cane was given to them and they forgot that the thing is actually a sword," said Jeff Price, author of Practical Aviation Security, "It's the people that are carrying stuff like chainsaws that make me wonder."
Security

South Korean Power Plants To Conduct Cyber-Attack Drills Following Hack 39

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes South Korea's nuclear operator has been targeted in a cyber-attack, with hackers threatening people to 'stay away' from three of the country's nuclear reactors should they not cease operations by Christmas. The stolen data is thought to be non-critical information, and both the company and state officials have assured that the reactors are safe. However, KHNP has said that it will be conducting a series of security drills over the next two days at four power plants to ensure they can all withstand a cyber-attack. The hacks come amid accusations by the U.S. that North Korea may be responsible for the punishing hack on Sony Pictures. Concerns have mounted that Pyongyang may initiate cyber strikes against industrial and social targets in the U.S. and South Korea.
Government

Tor Warns of Possible Disruption of Network Through Server Seizures 19

Posted by samzenpus
from the here-it-comes dept.
itwbennett writes "Without naming the group responsible, the Tor project warned that it could face attempts to incapacitate its network in the next few days through the seizure of specialized servers called directory authorities. These servers guide Tor users on the list of distributed relays on the network that bounce communications around. 'We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,' wrote 'arma' in a post Friday on the Tor project blog. The 'arma' developer handle is generally associated with project leader Roger Dingledine. There were no reports of a seizure by late Sunday. The project promised to update the blog and its Twitter account with new information."
Transportation

Major Security Vulnerabilities Uncovered At Frankfurt Airport 91

Posted by samzenpus
from the how-many-fluid-ounces-is-that? dept.
jones_supa writes "According to a report published in this Sunday's edition of the mass-circulation Bild am Sonntag newspaper, investigators sent by the European Commission found it surprisingly easy to smuggle banned items past security at Frankfurt Airport. It said undercover investigators posing as passengers were able to smuggle weapons or other dangerous items through security every second time they tried to do so. One of the biggest problems was improperly trained staff, who were often not able to recognize dangerous items when viewing the screens they use to look at x-ray images of baggage. The staff is sourced via a privately owned service provider. Germany's Federal Police said they introduced new measures immediately after learning of the security deficits to ensure that passenger safety was guaranteed. Fraport AG, the company that operates Germany's biggest airport, also took the findings seriously and began an operation to retrain a total of 2,500 workers."
China

US Seeks China's Help Against North Korean Cyberattacks 153

Posted by samzenpus
from the thanks-but-no-thanks dept.
An anonymous reader writes The United States has declined an offer by North Korea for a joint investigation into the hacking of Sony Pictures and asked China to help block cyber attacks. "We have discussed this issue with the Chinese to share information, express our concerns about this attack, and to ask for their cooperation," a senior administration official said. "In our cybersecurity discussions, both China and the United States have expressed the view that conducting destructive attacks in cyberspace is outside the norms of appropriate cyber behavior." China has so far seemed less than sympathetic: "Any civilized world will oppose hacker attacks or terror threats. But a movie like The Interview, which makes fun of the leader of an enemy of the U.S., is nothing to be proud of for Hollywood and U.S. society," said an editorial in The Global Times, a tabloid sister paper to China's official The People's Daily. "No matter how the U.S. society looks at North Korea and Kim Jong Un, Kim is still the leader of the country. The vicious mocking of Kim is only a result of senseless cultural arrogance."
Security

Cyberattack On German Steel Factory Causes 'Massive Damage' 212

Posted by Soulskill
from the social-engineering-is-the-bug-you-can't-fix dept.
An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.
Sony

North Korea Denies Responsibility for Sony Attack, Warns Against Retaliation 236

Posted by Soulskill
from the it-was-the-one-armed-nation-state dept.
jones_supa writes: A North Korean official said that the secretive regime wants to mount a joint investigation with the United States to identify who was behind the cyber attack against Sony Pictures. An unnamed spokesman of the North Korean foreign ministry was quoted by the country's state news agency, KCNA, describing U.S. claims they were behind the hack as "slander." "As the United States is spreading groundless allegations and slandering us, we propose a joint investigation with it into this incident," the official said, according to Agence France-Presse. Both the FBI and President Barack Obama have said evidence was uncovered linking the hack to North Korea, but some experts have questioned the evidence tying the attack to Pyongyang. Meanwhile, reader hessian notes that 2600: The Hacker Quarterly has offered to let the hacker community distribute The Interview for Sony. It's an offer Sony may actually find useful, since the company is now considering releasing the movie on a "different platform." Reader Nicola Hahn warns that we shouldn't be too quick to accept North Korea as the bad guy in this situation: Most of the media has accepted North Korea's culpability with little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what's happening reveals tools of modern social control (PDF). Whether or not they're responsible for the attack, North Korea has now warned of "serious consequences" if the U.S. takes action against them for it.
Crime

65,000 Complaints Later, Microsoft Files Suit Against Tech Support Scammers 245

Posted by timothy
from the not-enough-acid-in-the-world dept.
MojoKid (1002251) writes Tech support scammers have been around for a long time and are familiar to most Slashdot readers. But last month, the Federal Trade Commission (FTC) announced that it had issued lawsuits against several culprits responsible for tech support scams. Now Microsoft has announced that it too is going after tech support scammers. According to the company, more than 65,000 complaints have been made about tech support scams since May of this year alone. Bogus technicians, pretending to represent Microsoft, call the house offering fake tech support and trick people into paying hundreds of dollars to solve a non-existent issue. If successful in their ruse, the scammer then gains access to a person's computer, which lets them steal personal and financial information and even install malware. I managed to keep one of these guys on the phone for about 20 minutes while I stumbled through his directions, over and over, "rebooting," pretending to be using Windows, etc; the next one caught on more quickly. Have they called you? If so, how did the call go?
Communications

Tor Network May Be Attacked, Says Project Leader 86

Posted by timothy
from the routing-around-the-routing-around dept.
Earthquake Retrofit writes The Register is reporting that the Tor Project has warned that its network – used to mask people's identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Security

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 177

Posted by timothy
from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.
