Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Comment Re:um... (Score 1) 43

by bswarm (#48696733) Attached to: BU Students Working On a Cheaper, Gentler Suborbital Rocket
Don't you hate the term "model rocket" when you're spending an easy grand on Aerotech 98mm casings and propellant, not to mention the rocket, licensing and FAA waivers? I gave up after my license qualifying H engine flight because the regulations in California are too strict to go any further.

Submission + - How should email change to stop spam? 2

Submitted by Anonymous Coward
An anonymous reader writes: Email has been on the internet for a long time and so has spam. Although anti-spam techniques are not losing the battle, it is not winning either.

Some background terms: Current smtp/email standars are RFC5321 and RFC5322. To avoid spam most people use DNSBLs and URIBLs for checking IP addresses and URLs. And there are some other content checks being done in spam-filters (e.g. by Spamassassin or non-free). Furthermore there are reputation-based systems such as SenderScore. There are some standards to avoid your domains being abused: SPF and DMARC. The large inbox-providers like Live.com and Gmail have additional filtering and throttling based on reputation and engagement (= is someone actually reading/clicking your company email).

And then there are some players in the field: ISPs send email for individuals and very small companies. ESPs (e.g. Constant Contact or MailChimp) send email for larger companies. Anti-spam organisations (such as Spamhaus, Spamcop or Sorbs) use spam information to create blocklists. Spamfilter companies (e.g. Proofpoint, Barracuda and SpamExperts) sell you a spamfilter-service and/or device. Furthermore there are a whole slew of email receivers: Large (such as Apple and Live.com/Gmail type) and smaller (companies and ISP/hosting companies). Then there are law-makers and regulatory bodies (who set and maintain laws) and I will include MAAWG here. And to not forget the spammers: Legitimate companies and criminal organisations (who spam for all sorts of reasons: marketing, selling, phishing, scamming, spear-phishing ...). I would define spam as all email that I would not expect to get (no opt-in, too long ago or inappropriate content given the relationship).

So my question is: Current anti-spam methods are not good enough. What should change in email so spam (of all sorts) is more effectivly countered?

Submission + - Investigation IDs Crew of 6 Behind Hack of Sony, Including Former Employee (securityledger.com)

Submitted by chicksdaddy
chicksdaddy writes: Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious (http://it.slashdot.org/story/14/12/24/1757224/did-north-korea-really-attack-sony)in recent weeks- especially since the FBI pointed a finger at the government of North Korea last week. (http://news.slashdot.org/story/14/12/18/0249222/us-links-north-korea-to-sony-hacking) But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to group of disgruntled former employees as the source of the attack and data theft.

The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals — in the U.S., Canada, Singapore and Thailand — that it believes carried out the attack, including at least one 10 year employee of SPE who worked in a technical capacity before being laid off in May.(https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/)

Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the "means and motive" to do the attack. HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off.

After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10 year SPE veteran who he described as having a “very technical background.” Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia.

According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.

While Stammberger admits that some clues in the investigation seemed to point to attackers in one of the Koreas, he says those paths all turned into dead ends, and that Norse investigators found no convincing evidence of North Korean involvement in the incident.

According to Stammberger, the company is briefing the FBI on its investigation on Monday. I'd love to be a fly on the wall in that room!

Submission + - Adobe Flash Update Installs McAfee Security Scan Plus Crapware

Submitted by Anonymous Coward
An anonymous reader writes: If you get an update notification for Adobe Flash you will also be installing McAfee Security Scan Plus. This mornings update did open an Adobe webpage but did not give the option of unticking a box to prevent installation of McAfee crapware like previous updates have had. To uninstall — Start, McAfee Security Scan Plus, Uninstall, restart, cross your fingers nothing gets borked.

Submission + - FCC Misplaced Around 600,000 Net Neutrality Comments

Submitted by Presto Vivace
Presto Vivace writes: FCC States It Misplaced Around 600,000 Net Neutrality Comments

Just as net neutrality opponents were celebrating the claim that their outrage-o-matic form letter campaigns resulted in more FCC-filed comments than neutrality supporters, the FCC has announced that it somehow managed to lose roughly 600,000 net neutrality comments during processing. According to a blog post by the FCC, the agency says that the comments were misplaced due to the agency's "18-year-old Electronic Comment Filing system (ECFS)."

Submission + - North Korean Internet Down? (vox.com)

Submitted by FlamingAtheist
FlamingAtheist writes: North Korea's already spotty internet appears to be under an attack to disrupt it in possible retaliation for their alleged responsibility for the Sony hack. Other possibilities are that China (who they get their connection through) is throttling them or other outside independents are targeting them.

Submission + - thepiratebay.se is up (thepiratebay.se)

Submitted by Anonymous Coward
An anonymous reader writes: The Piratebay domain is now active again after earlier seizure by Swedish police. Visitors are met with a clock and a cryptic hash. Source code reveals that it is a AES key, but for what?

Submission + - Heathkit – The electronic history mystery (adafruit.com)

Submitted by coop0030
coop0030 writes: In 2013 there was a lot of buzz in the electronics communities about Heathkit returning in some way, however it’s been exactly one year and there has not been any updates. Heathkit “came back” in 2011 too, but nothing materialized then either. Here is our attempt to help piece together some of the puzzle of what has become of Heathkit.

Submission + - Something is Happening at thepiratebay.se (torrentfreak.com)

Submitted by Zanadou
Zanadou writes: On December 9 The Pirate Bay was raided but despite the rise of various TPB clones and rumors of reincarnations, thepiratebay.se domain remained inaccessible, until today. This morning the Pirate Bay’s nameservers were updated to ones controlled by their domain name registrar binero.se .

A few minutes later came another big change when The Pirate Bay’s main domain started pointing to a new IP-address (178.175.135.122) that is connected to a server hosted in Moldova.

So far there is not much to see, just a background video of a waving pirate flag (taken from Isohunt.to) and a counter displaying the time elapsed since the December 9 raid. However, the "AES string" looks 'promising.'

Comment Try starting him on Alice (Score 1) 3

by bswarm (#48634079) Attached to: Help for 11 year old that wants to grow up to make games?
http://www.alice.org/
Alice is an innovative 3D programming environment that makes it easy to create an animation for telling a story, playing an interactive game, or a video to share on the web. Alice is a freely available teaching tool designed to be a student's first exposure to object-oriented programming. It allows students to learn fundamental programming concepts in the context of creating animated movies and simple video games. In Alice, 3-D objects (e.g., people, animals, and vehicles) populate a virtual world and students create a program to animate the objects.

Submission + - USBdriveby: The $20 Device That Installs a Backdoor in a Second

Submitted by Trailrunner7
Trailrunner7 writes: Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in a few seconds and hand control of it to the attacker.

Kamkar has been working on the new project for some time, looking for a way to install the backdoor without needing to use the mouse and keyboard. The solution he came up with is elegant, fast and effective. By using code that can emulate the keyboard and the mouse and evade the security protections such as local firewalls, Kamkar found a method to install his backdoor in just a couple of seconds and keep it hidden on the machine. He loaded the code onto an inexpensive Teensy USB microcontroller.

Kamkar’s USBdriveby attack can be executed in a matter of seconds and would be quite difficult for a typical user to detect once it’s executed. In a demo video, Kamkar runs the attack on OS X, but he said the code, which he’s released on GitHub, can be modified easily to run on Windows or Linux machine. The attack inserts a backdoor on the target machine and also overwrites the DNS settings so that the attacker can then spoof various destinations, such as Facebook or an online banking site, and collect usernames and passwords. The backdoor also goes into the cron queue, so that it runs at specified intervals.

Submission + - Sony leaks reveal Hollywood is trying to break DNS, the backbone of the internet (theverge.com) 1

Submitted by schwit1
schwit1 writes: A leaked legal memo reveals a plan for blacklisting pirate sites at the ISP level

Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place?

To do that, the MPAA's lawyers would target the Domain Name System (DNS) that directs traffic across the internet.

Slashdot Top Deals

fortune: cpu time/usefulness ratio too high -- core dumped.

Close