
Chrome

Google Chrome Will Block All NPAPI Plugins By Default In January

Posted by samzenpus
from the end-of-the-line dept.
An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."
United States

DHS Set To Destroy "Einstein" Surveillance Records

Posted by samzenpus
from the nothing-to-see-here dept.
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.
Books

Book Review: Bulletproof SSL and TLS

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Security

Nuclear Weapons Create Their Own Security Codes With Radiation

Posted by samzenpus
from the missile-protect-thyself dept.
Zothecula writes "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering."
Security

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.
Open Source

Critical XSS Flaws Patched In WordPress and Popular Plug-In

Posted by timothy
from the switch-to-slashcode dept.
itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.
Privacy

Top NSA Official Raised Alarm About Metadata Program In 2009

Posted by Soulskill
from the should-have-listened dept.
An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history."
Government

Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

Posted by Soulskill
from the everybody-gets-something-and-nobody-gets-everything dept.
theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process."
Robotics

Microsoft Rolls Out Robot Security Guards

Posted by Soulskill
from the please-register-that-copy-of-windows.-you-have-20-seconds-to-comply dept.
An anonymous reader writes: Microsoft is testing a group of five robot security guards. They contain a sophisticated sensor suite that includes 360-degree HD video, thermal imaging, night vision, LIDAR, and audio recorders. They can also detect various chemicals and radiation signatures, and do some rudimentary behavioral analysis on people they see. (And they look a bit like Daleks.) The robots are unarmed, so we don't have to worry about a revolt just yet, but they can sound an alarm and call for human officers. They weigh about 300 lbs each, can last roughly a day on a battery charge, and know to head to the charging station when they're low on power.
United States

Greenwald Advises Market-Based Solution To Mass Surveillance

Posted by samzenpus
from the you-get-what-you-demand dept.
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress, Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically, he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told, Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Bitcoin

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins

Posted by timothy
from the sometimes-the-good-guys-win dept.
An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate cryptocurrency project that promised to place guaranteed value on its MidasCoins by backing it with actual gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate cryptocurrency community. (The first part is interesting, too.)
Privacy

Amnesty International Releases Tool To Combat Government Spyware

Posted by timothy
from the doing-the-right-thing dept.
New submitter Gordon_Shure_DOT_com writes Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.
Botnet

Android Botnet Evolves, Could Pose Threat To Corporate Networks

Posted by samzenpus
from the protect-ya-neck dept.
angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.
The Almighty Buck

Blowing On Money To Tell If It Is Counterfeit

Posted by samzenpus
from the huff-and-puff dept.
HughPickens.com writes Scientific American reports that simply breathing on money could soon reveal if it's the real deal or counterfeit thanks to a photonic crystal ink developed by Ling Bai and Zhongze Gu and colleagues at Southeast University in Nanjing, China that can produce unique color changing patterns on surfaces with an inkjet printer system which would be extremely hard for fraudsters to reproduce. The ink mimics the way Tmesisternus isabellae – a species of longhorn beetle – reversibly switches its color from gold to red according to the humidity in its environment. The color shift is caused by the adsorption of water vapor in their hardened front wings, which alters the thickness and average refractive index of their multilayered scales. To emulate this, the team made their photonic crystal ink using mesoporous silica nanoparticles, which have a large surface area and strong vapor adsorption capabilities that can be precisely controlled. The complicated and reversible multicolor shifts of mesoporous CPC patterns are favorable for immediate recognition by naked eyes but hard to copy. "We think the ink's multiple security features may be useful for antifraud applications," says Bai, "however we think the technology could be more useful for fabricating multiple functional sensor arrays, which we are now working towards."
The Courts

Court Shuts Down Alleged $120M Tech Support Scam

Posted by samzenpus
from the shutting-it-down dept.
wiredmikey writes A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated.
United States

Congress Suggests Moat, Electronic Fence To Protect White House

Posted by samzenpus
from the greased-monkeys-with-straight-razors dept.
PolygamousRanchKid writes Acting Secret Service director Joseph Clancy on Wednesday faced a number of tough questions from the House Judiciary Committee about the fence jumper who made it deep into the White House. But along with the tough questions, Clancy fielded a couple of eyebrow-raising suggestions on how to better protect the president's home. "Would a moat, water six feet around, be kind of attractive and effective?" Rep. Steve Cohen, D-Tenn., asked with trepidation. Rep. Louie Gohmert, R-Texas, asked: "Would you be in favor of removing the fence around the White House and having, maybe, a virtual or electronic fence around it?" Clancy liked the moat idea better than the electric fence. "My knee-jerk reaction to that would be no, sir," he told Gohmert. "Partly because of the number of tourists that come up Pennsylvania Avenue and come up to that area."
Transportation

Martin Jetpack Closer To Takeoff In First Responder Applications

Posted by samzenpus
from the when-you-have-to-get-there-in-a-hurry dept.
Zothecula writes Last year's redesign of the long-awaited Martin Jetpack was accompanied by plans to begin commercial sales in 2014, starting with emergency response services and individual sales to follow thereafter. The release date for the first responder Jetpack has since been revised to 2016, a prediction bolstered by the fresh announcement of a partnership between Martin Aircraft Company and US company Avwatch to develop air-based, first responder solutions for the US Department of Homeland Security and Department of Defense.
Republicans

Republicans Block Latest Attempt At Curbing NSA Power

Posted by Soulskill
from the and-everybody-will-have-forgotten-about-it-in-two-years dept.
Robotron23 writes: The latest attempt at NSA reform has been prevented from passage in the Senate by a margin of 58 to 42. Introduced as a means to stop the NSA collecting bulk phone and e-mail records on a daily basis, the USA Freedom Act has been considered a practical route to curtailment of perceived overreach by security services, 18 months since Edward Snowden went public. Opponents to the bill said it was needless, as Wall Street Journal raised the possibility of terrorists such as ISIS running amok on U.S. soil. Supporting the bill meanwhile were the technology giants Google and Microsoft. Prior to this vote, the bill had already been stripped of privacy protections in aid of gaining White House support. A provision to extend the controversial USA Patriot Act to 2017 was also appended by the House of Representatives.
Chrome

Chrome 39 Launches With 64-bit Version For Mac OS X and New Developer Features

Posted by Soulskill
from the almost-over-the-hill dept.
An anonymous reader writes "Google today released Chrome 39 for Windows, Mac, and Linux. The biggest addition in this release is 64-bit support for OS X, which first arrived in Chrome 38 beta. Unlike on Windows, where 32-bit and 64-bit versions will both continue to be available (users currently have to opt-in to use the 64-bit release), Chrome for Mac is now only available in 64-bit. There are also a number of security fixes and developer features. Here's the full changelog."
Windows

Microsoft Releases Out-of-Band Security Patch For Windows

Posted by timothy
from the as-circumstances-warrant dept.
mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.