Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 177

Posted by timothy from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

Comment Re:$32 million of greed. (Score 2) 170

by theskipper (#48639513) Attached to: Calculus Textbook Author James Stewart Has Died

Most likely not. Based on a cursory look at Scholastic, McGraw-Hill and John Wiley, only the latter has returned close to a 10-bagger in the last 20 years. Of course the obvious stock in the book space is Amazon at 100x+.

But the point is that there have been tons of investment opportunities that yielded extraordinary returns over that period. Being "astute" means you get rewarded for great due diligence, mixed in with good timing and some luck. It's the same for everyone who takes risk by investing, he shouldn't be pilloried for success imo.
Businesses

Staples: Breach May Have Affected 1.16 Million Customers' Cards 97

Posted by timothy from the your-name-here dept.
mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Comment Re:Check your math. (Score 1) 880

by theskipper (#48598157) Attached to: Apparent Islamic Terrorism Strikes Sydney

None? Is civil disobedience a crime? By its very nature it is. So lots of Christians have committed lots of crimes over the years in the name of their religion. Over issues like civil rights, gays, school prayer, to name a few.

Now the shooting of abortion providers in the name of Christianity is of course an actual indisputable crime. Only a few, but in fairness you did express the extremist view and say none.
Advertising

Fraud Bots Cost Advertisers $6 Billion 190

Posted by samzenpus from the wanting-a-human-click dept.
Rambo Tribble writes A new report claims that almost a quarter of the "clicks" registered by digital advertisements are, in fact, from robots created by cyber crime networks to siphon off advertising dollars. The scale and sophistication of the attacks which were discovered caught the investigators by surprise. As one said, "What no one was anticipating is that the bots are extremely effective of looking like a high value consumer."
Security

New Destover Malware Signed By Stolen Sony Certificate 80

Posted by Soulskill from the everything-but-the-kitchen-sink dept.
Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.
Open Source

Microsoft Introduces .NET Core 187

Posted by Soulskill from the how-the-sausage-is-made dept.
New submitter I will be back writes: Microsoft's Immo Landwerth has provided more details on the open source .NET Core. Taking a page from the Mono cookbook, .NET Core was built to be modular with unified Base Class Library (BCL), so you can install only the necessary packages for Core and ship it with applications using NuGet. Thus, NuGet becomes a first-class citizen and the default tool to deliver .NET Core packages.

As a smaller and cross-platform subset of the .NET Framework, it will have its own update schedule, updating multiple times a year, while .NET will be updated once a year. At the release of .NET 4.6, Core will be a clear subset of the .NET Framework. With future iterations it will be ahead of the .NET Framework. "The .NET Core platform is a new .NET stack that is optimized for open source development and agile delivery on NuGet. We're working with the Mono community to make it great on Windows, Linux and Mac, and Microsoft will support it on all three platforms."

Comment Re:Cheers for Mint (Score 5, Interesting) 89

by theskipper (#48497529) Attached to: Linux Mint 17.1 Cinnamon and MATE Editions Released

Cinnamon was the antidote to the dumbed-down interface craze for me. Switched to it a year ago and haven't looked back.

Nemo alone is worth the switch, it's a file manager that doesn't treat you like a child and "hide the knives" (and trees in the sidebar are intuitive to me, ymmv). Workspace management via panel, hotkeys or OSD all work well. The system menu is usable and makes sense. Applets are actually easy to install and manage. A couple clicks and sane scrollbars are back. And simple things out of the box like being able to resize a window without the idiocy of trying to hit a single pixel in the lower right corner reflects the productivity mindset it targets.

Maybe all this has been fixed in Unity/Gnome 3/etc. but I haven't paid attention and don't care at this point. Sure there's still bugs and features that need polishing but imho it's worth setting up a vm to test it out.
Math

Mathematicians Study Effects of Gerrymandering On 2012 Election 413

Posted by samzenpus from the fix-is-in dept.
HughPickens.com writes Gerrymandering is the practice of establishing a political advantage for a particular party by manipulating district boundaries to concentrate all your opponents' votes in a few districts while keeping your party's supporters as a majority in the remaining districts. For example, in North Carolina in 2012 Republicans ended up winning nine out of 13 congressional seats even though more North Carolinians voted for Democrats than Republicans statewide. Now Jessica Jones reports that researchers at Duke are studying the mathematical explanation for the discrepancy. Mathematicians Jonathan Mattingly and Christy Vaughn created a series of district maps using the same vote totals from 2012, but with different borders. Their work was governed by two principles of redistricting: a federal rule requires each district have roughly the same population and a state rule requires congressional districts to be compact. Using those principles as a guide, they created a mathematical algorithm to randomly redraw the boundaries of the state's 13 congressional districts. "We just used the actual vote counts from 2012 and just retabulated them under the different districtings," says Vaughn. "If someone voted for a particular candidate in the 2012 election and one of our redrawn maps assigned where they live to a new congressional district, we assumed that they would still vote for the same political party."

The results were startling. After re-running the election 100 times with a randomly drawn nonpartisan map each time, the average simulated election result was 7 or 8 U.S. House seats for the Democrats and 5 or 6 for Republicans. The maximum number of Republican seats that emerged from any of the simulations was eight. The actual outcome of the election — four Democratic representatives and nine Republicans – did not occur in any of the simulations. "If we really want our elections to reflect the will of the people, then I think we have to put in safeguards to protect our democracy so redistrictings don't end up so biased that they essentially fix the elections before they get started," says Mattingly. But North Carolina State Senator Bob Rucho is unimpressed. "I'm saying these maps aren't gerrymandered," says Rucho. "It was a matter of what the candidates actually was able to tell the voters and if the voters agreed with them. Why would you call that uncompetitive?"
Sony

Sony Pictures Computer Sytems Shut Down After Ransomware Hack 155

Posted by Soulskill from the try-long-enough-and-you-find-a-soft-target dept.
MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.
Networking

Can the US Actually Cultivate Local Competition in Broadband? 135

Posted by timothy from the but-what-we-really-want-is-more-rules dept.
New submitter riskkeyesq writes with a link to a blog post from Dane Jasper, CEO of Sonic.net, about what Jasper sees as the deepest problem in the U.S. broadband market and the Internet in general: "There are a number of threats to the Internet as a system for innovation, commerce and education today. They include net neutrality, the price of Internet access in America, performance, rural availability and privacy. But none of these are the root issue, they're just symptoms. The root cause of all of these symptoms is a disease: a lack of competition for consumer Internet access." Soft landings for former legislators, lobbyists disguised as regulators, hundreds of thousands of miles of fiber sitting unused, the sham that is the internet provider free market is keeping the US in a telecommunications third-world. What, exactly, can American citizens do about it? One upshot, in Jasper's opinion (hardly disinterested, is his role at CEO at an ISP that draws praise from the EFF for its privacy policies) is this: "Today’s FCC should return to the roots of the Telecom Act, and reinforce the unbundling requirements, assuring that they are again technology neutral. This will create an investment ladder to facilities for competitive carriers, opening access to build out and serve areas that are beyond our reach today."
Android

Visual Studio 2015 Supports CLANG and Android (Emulator Included) 192

Posted by timothy from the exigent-realities dept.
Billly Gates (198444) writes "What would be unthinkable a decade ago is Visual Studio supporting W3C HTML and CSS and now apps on other platforms. Visual Studio 2015 preview is available for download which includes support for LLVM/Clang, Android development, and even Linux development with Mono using Xamarin. A little more detail is here. A tester also found support for Java, ANT, SQL LITE, and WebSocket4web. We see IE improving in terms of more standards and Visual Studio Online even supports IOS and MacOSX development. Is this a new Microsoft emerging? In any case it is nice to have an alternative to Google tools for Android development."

Slashdot Top Deals

If a subordinate asks you a pertinent question, look at him as if he had lost his senses. When he looks down, paraphrase the question back at him.

Close