Security

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

New submitter Matt.Battey writes "I was recently on-site with a client and in the execution of my duties there, I needed to access web sites like Google Maps and my company's VPN. The VPN connection was rejected (which tends to be common, even though it's an HTTPS based VPN service). However, when I went to Google Maps I received a certificate error. It turns out that the client is intercepting all HTTPS traffic on the way out the door and re-issuing an internally generated certificate for the site. My client's employees don't notice because their computers all have the internal CA pushed out via Windows Group Policy & log-on scripts.

In essence, my client performs a Man-In-The-Middle attack on all of their employees, interrupting HTTPS communications via a network-coordinated reverse proxy with false certificate generation. My assumption is that the client logs all HTTPS traffic this way, capturing banking records, passwords, and similar data on their employees.

My question: How common is it for employers to perform MITM attacks on their own employees?"
Security

NBC News Confuses the World About Cyber-Security

Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and do almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
Transportation

EU Secretly Plans To Put a Back Door In Every Car By 2020

An anonymous reader writes "A secretive EU body has agreed to develop a device to be fitted to all cars allowing police to cut off any engine at will, it emerged today. The device, which could be imposed within a decade, would also allow police to track a vehicle's movements as well as immobilise it. According to The Daily Telegraph a group of senior EU officials, including several Home Office mandarins, have signed off the proposal at a secret meeting in Brussels."
Robotics

The Changing Face of Robotics

An anonymous reader writes "Using sensors to interface socially, the next generation of robots may not fit the classic idea of what a robot should be. Glen Martin writes: 'Equipped with two articulated arms, it can perform a multitude of tasks. It requires no application code to start up, and no expensive software to function. No specialists are required to program it; workers with minimal technical background can "teach" the robot right on the production line through a graphical user interface and arm manipulation.'"
Classic Games (Games)

Ask Slashdot: Will You Start Your Kids On Classic Games Or Newer Games?

An anonymous reader writes "An article at The Verge got me thinking. Parents and those of you who plan to become parents: will you introduce your kids to the games you played when you were younger? Those of us who grew up playing Pong, Space Invaders, and Pac-Man have had a chance to see gaming software evolve into the enormously complex and graphically realistic beast it is today. I've begun to understand why my grandparents tried to get me to watch old movies. I'm also curious how you folks plan to teach your kids about computers and software in general. When teaching them Linux, do you just download the latest stable Mint or Ubuntu release and let them take it from there? Do you track down a 20-year-old version of Slackware and show them how things used to be? I can see how there would be value in that... the UIs we use every day have been abstracted so far away from their roots that we can't always expect new users to intuitively grasp the chain of logic. How do you think this should be handled?"
Earth

Enormous Tunneling Machine 'Bertha' Blocked By 'The Object'

An anonymous reader sends word that 'Bertha,' the world's largest tunneling machine, which is currently boring a passage beneath Seattle's waterfront, has been forced to stop. The 57.5-foot diameter machine has encountered an unknown obstruction known as "the object." "The object's composition and provenance remain unknown almost two weeks after first contact because in a state-of-the-art tunneling machine, as it turns out, you can't exactly poke your head out the window and look. 'What we're focusing on now is creating conditions that will allow us to enter the chamber behind the cutter head and see what the situation is,' [said project manager Chris Dixon]. Mr. Dixon said he felt pretty confident that the blockage will turn out to be nothing more or less romantic than a giant boulder, perhaps left over from the Ice Age glaciers that scoured and crushed this corner of the continent 17,000 years ago. But the unknown is a tantalizing subject. Some residents said they believe, or want to believe, that a piece of old Seattle, buried in the pell-mell rush of city-building in the 1800s, when a mucky waterfront wetland was filled in to make room for commerce, could be Bertha's big trouble. That theory is bolstered by the fact that the blocked tunnel section is also in the shallowest portion of the route, with the top of the machine only around 45 feet below street grade."
Privacy

CBS 60 Minutes: NSA Speaks Out On Snowden, Spying

An anonymous reader writes "This week CBS News' 60 Minutes program had a broadcast segment devoted to the NSA, and additional online features. It revealed that the first secret Snowden stole was the test and answers for a technical examination to get a job at NSA. When working at home, Snowden covered his head and screen with a hood so that his girlfriend couldn't see what he was doing. NSA considered the possibility that Snowden left malicious software behind and removed every computer and cable that Snowden had access to from its classified network, costing tens of millions of dollars. Snowden took approximately 1.7 million classified documents. Snowden never approached any of multiple Inspectors General, supervisors, or Congressional oversight committee members about his concerns. Snowden's activity caught the notice of other System Administrators. There were also other interesting details, such as the NSA has a highly competitive intern program for high school students who are given a Top Secret clearance and a chance to break codes that have resisted the efforts of NSA's analysts; some succeed. The NSA is only targeting the communications, as opposed to metadata, of less than 60 Americans. Targeting the actual communications of Americans, rather than metadata, requires a probable cause finding and a specific court order. NSA analysts working with metadata don't have access to the name, and can't listen to the call. The NSA's work is driven by requests for information by other parts of the government, and there are about 31,000 requests. Snowden apparently managed to steal a copy of that document, the 'crown jewels' of the intelligence world. With that information, foreign nations would know what the US does and doesn't know, and how to exploit it."

Brand new Bombardier CSeries airplane lifts off on maiden flight (www.cbc.ca)

JavaScrybe writes: Hey, a new type of bird. Bombardier's CSeries has taken its maiden flight. They boast a significant reduction in noise, which they hope will help them target urban airports, and lower fuel consumption for the eco-friendly. The Canadian airplane maker hopes to make a significant dent in the 100-160 seat market for commercial aircraft. At time of writing, no word yet if it landed safely, but they're hopeful.
Businesses

Survey: Most IT Staff Don't Communicate Security Risks

CowboyRobot writes "A Tripwire survey of 1,320 IT personnel from the U.S. and U.K. showed that most staff 'don't communicate security risk with senior executives or only communicate when a serious security risk is revealed.' The reason is that staff have resigned themselves to staying mum due to an environment in which 'collaboration between security risk management and business is poor, nonexistent or adversarial,' or at best, just isn't effective at getting risk concerns up to senior management."
Crime

Bradley Manning Says He's Sorry

Hugh Pickens DOT Com writes "The Washington Post reports that Pfc. Bradley Manning told a military judge during his sentencing hearing that he is sorry he hurt the United States by leaking hundreds of thousands of sensitive military and diplomatic documents to the anti-secrecy group WikiLeaks, and he asked for leniency as he spoke for less than five minutes, often in a quavering voice: "I'm sorry I hurt people. I'm sorry that I hurt the United States," said Manning, who was convicted last month of multiple crimes, including violations of the Espionage Act, for turning over the classified material. "I'm apologizing for the unintended consequences of my actions. I believed I was going to help people, not hurt people." Speaking publicly for only the third time since he was arrested in Iraq in June 2010, Manning said he had been naive. "I look back at my decisions and wonder, 'How on earth could I, a junior analyst, possibly believe I could change the world for the better over the decisions of those with the proper authority?'""
Cellphones

Samsung Ups Ante In Smartphone Size Wars: 6.3 Inches

New submitter jarold writes to note that Samsung has launched two extra-large cellphones: a 6.3-inch LTE-ready version, and a 5.8-inch version. "Branded as Galaxy Mega, one would struggle to fit [either in a] pocket or use it with just one hand. The good thing, it is only 8mm thin and weighs under 200 grams. More portable than a tablet, it comes with a durable polycarbonate body. Unlike most of Samsung's latest smartphones, it does not have a super AMOLED panel. Instead, it has an HD super clear LCD display, which is bright enough to please most users. It features split screen and multitasking between video and other apps." For a phone that big, users might need to brush up on their side-talking skills.
AMD

AMD Overhauls Open-Source Linux Driver

An anonymous reader writes "AMD's open-source developer has posted an incredible set of 165 patches against the Linux kernel that provide support for a few major features to their Linux graphics driver. Namely, the open-source Radeon Linux driver now supports dynamic power management on hardware going back to the Radeon HD 2000 (R600) generation. The inability to re-clock the GPU frequencies and voltages dynamically based upon load has been a major limiting factor for open-source AMD users where laptops have been warm and there is diminished battery power. The patches also provide basic support for the AMD Radeon HD 8000 'Sea Islands' graphics processors on their open-source Linux driver."
The Internet

Ask Slashdot: What Should a Non-Profit Look For In a Web Host?

An anonymous reader writes "We are a large (multi-national) non-profit and currently deal with 503s on a near daily basis. We've worked on this for over a year and the host hasn't been able to figure out how to fix it. We're paying for a managed host and need to evaluate other options. My boss has tasked me with evaluating a new one. I'm the most geeky of the group, so I know the terms, but don't have a sense of what's actually needed to suit our needs. We sometimes have upwards of 1,000 people browsing the site at the same time, so my sense is that we shouldn't need massive amounts of power or bandwidth... but, somehow that's not working on our current host. Can anyone help me get a sense of what types of hosting will best suit the needs of a 'large' non-profit? We're not Facebook, but we're not a mom-and-pop shop. Any help or tips would be fantastic, particularly if you've also selected a new hosting provider in the past year or so. I don't necessarily need actual names (though those would be nice, too) but at least some tips on what makes a huge difference when suddenly a whole bunch of people around the world read an email and want to help out."
IT

Ask Slashdot: How Do You Prove an IT Manager Is Incompetent?

An anonymous reader writes "I have been asked by a medium-sized business to help them come to grips with why their IT group is ineffective, loathed by all other departments, and runs at roughly twice the budget of what the CFO has deemed appropriate for the company's size and industry. After just a little scratching, it has become quite clear that the 'head of IT' has no modern technological skills, and has been parroting what his subordinates have told him without question. (This has led to countless projects that are overly complex, don't function as needed, and are incredibly expensive.) How can one objectively illustrate that a person doesn't have the knowledge sufficient to run a department? The head of IT doesn't necessarily need to know how to write code, so a coding test serves no purpose, but should be able to run a project. Are there objective methods for assessing this ability?"
Education

Ask Slashdot: How Can I Make a Computer Science Club Interesting?

plutoclacks writes "I will run a computer science club at my high school next semester with two other friends. The club was newly introduced this school year, and initially saw a massive success (40+ members showed up at the first meeting). Unfortunately, participation has decreased a lot since then, down to four active members. I feel that the main reason for this decline was the inability to maintain the students' interest at the beginning of the year, as well as general disorganization, which we hope to change next semester. The leaders of the club all have fairly strong Java backgrounds, in addition to enthusiasm about computer science and programming. We have a computer lab with ~30 computers, which, though old, are still functional and available for use. What are some ways we can make the club have an impacting interest to newcomers?"