Government

North Korean Defector Spills Details On the Country's Elite Hacking Force 166

mattydread23 writes Business Insider interviewed Jang Se-yul, a North Korean defector who trained in the country's Mirim University alongside some of the hackers who make up its elite Bureau 121 hacking squad. He explains how they train: 'They take six 90-minute classes every day, learning different coding languages and operating systems, from C to Linux. Jang says a lot of time was spent dissecting Microsoft programs, like the Windows operating system, and how to attack the overall computer IT systems of enemy countries like the U.S. or South Korea.' He also explains that these hackers are among the elite in North Korea, and even though they have unfiltered information about the outside world that their countrymen lack, most of them would never dream of leaving. (See also this story from earlier this month about the life of North Korea's elite hackers.)

Comment Re: Mobile e-mail requires a mobile data plan (Score 1) 237

Re: $300, it really depends on your overall blend of cell usage. I've used Ting's pay as you go service for a couple years and do the same thing the op does, turn on $3/100MB mobile data for email on my S3 when I'm traveling. They're a Sprint MVNO, so coverage is predictable by looking at the Sprint maps.

Bottom line is that if all three parts of your voice/text/data usage are low, then $25/mo is not only doable, it's actually a little high.

Security

Cyberattack On German Steel Factory Causes 'Massive Damage' 212

An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.

Comment Re:$32 million of greed. (Score 1) 170

Put it this way, before 1980, sure. But over the last 30 or so years it's been a different ballgame.

There were 100 baggers available by selling at the top of the internet bubble. Or buying MDVN 10 years ago or tucking away some AAPL in the dark days. And these opportunities aren't dying out; for example, the same scenario is playing again right now in immuno/gene therapy.

Expand that out to real estate, Forex, domain names or just about any other investment/speculative vehicle over that time and you're talking a massive # of individual opportunities that yielded multi-fold returns. Returns that could be parlayed into further opportunities.

So imo it's not unreasonable for someone to turn $1m into $30m over a 20 year span even with average discipline, intelligence and luck.

Security

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 177

wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

Comment Re:$32 million of greed. (Score 2) 170

Most likely not. Based on a cursory look at Scholastic, McGraw-Hill and John Wiley, only the latter has returned close to a 10-bagger in the last 20 years. Of course the obvious stock in the book space is Amazon at 100x+.

But the point is that there have been tons of investment opportunities that yielded extraordinary returns over that period. Being "astute" means you get rewarded for great due diligence, mixed in with good timing and some luck. It's the same for everyone who takes risk by investing, he shouldn't be pilloried for success imo.

Businesses

Staples: Breach May Have Affected 1.16 Million Customers' Cards 97

mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Comment Re:Check your math. (Score 1) 880

None? Is civil disobedience a crime? By its very nature it is. So lots of Christians have committed lots of crimes over the years in the name of their religion. Over issues like civil rights, gays, school prayer, to name a few.

Now the shooting of abortion providers in the name of Christianity is of course an actual indisputable crime. Only a few, but in fairness you did express the extremist view and say none.

Advertising

Fraud Bots Cost Advertisers $6 Billion 190

Rambo Tribble writes A new report claims that almost a quarter of the "clicks" registered by digital advertisements are, in fact, from robots created by cyber crime networks to siphon off advertising dollars. The scale and sophistication of the attacks which were discovered caught the investigators by surprise. As one said, "What no one was anticipating is that the bots are extremely effective of looking like a high value consumer."

Security

New Destover Malware Signed By Stolen Sony Certificate 80

Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.

Open Source

Microsoft Introduces .NET Core 187

New submitter I will be back writes: Microsoft's Immo Landwerth has provided more details on the open source .NET Core. Taking a page from the Mono cookbook, .NET Core was built to be modular with unified Base Class Library (BCL), so you can install only the necessary packages for Core and ship it with applications using NuGet. Thus, NuGet becomes a first-class citizen and the default tool to deliver .NET Core packages.

As a smaller and cross-platform subset of the .NET Framework, it will have its own update schedule, updating multiple times a year, while .NET will be updated once a year. At the release of .NET 4.6, Core will be a clear subset of the .NET Framework. With future iterations it will be ahead of the .NET Framework. "The .NET Core platform is a new .NET stack that is optimized for open source development and agile delivery on NuGet. We're working with the Mono community to make it great on Windows, Linux and Mac, and Microsoft will support it on all three platforms."

Comment Re:Cheers for Mint (Score 5, Interesting) 89

Cinnamon was the antidote to the dumbed-down interface craze for me. Switched to it a year ago and haven't looked back.

Nemo alone is worth the switch, it's a file manager that doesn't treat you like a child and "hide the knives" (and trees in the sidebar are intuitive to me, ymmv). Workspace management via panel, hotkeys or OSD all work well. The system menu is usable and makes sense. Applets are actually easy to install and manage. A couple clicks and sane scrollbars are back. And simple things out of the box like being able to resize a window without the idiocy of trying to hit a single pixel in the lower right corner reflects the productivity mindset it targets.

Maybe all this has been fixed in Unity/Gnome 3/etc. but I haven't paid attention and don't care at this point. Sure there's still bugs and features that need polishing but imho it's worth setting up a vm to test it out.
