
Submission + - OpenSSL Patches Eight New Vulnerabilities (itworld.com)

itwbennett writes: Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks. Although the flaws are only of moderate and low severity, 'system administrators should plan to upgrade their running OpenSSL server instances in the coming days,' said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7.

Submission + - Inside North Korea's Naenara Browser (threatpost.com)

msm1267 writes: Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness.

The Naenara browser is part of the Red Star operating system used in North Korea and it’s a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

“Here’s where things start to go off the rails: what this means is that all of the DPRK’s national network is non-routable IP space. You heard me; they’re treating their entire country like some small to medium business might treat their corporate office,” Hansen wrote in a blog post detailing his findings. “The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists. Apparently not!”

Submission + - Publishing of satirical cartoons of the prophet silenced after terrorist attack

wmofr writes: Major U.S. and British publications refused to publish related satirical cartoons, at least those about the "prophet", after the terrorist attack in Charlie Hebdo's office, which had 12 people killed. An editor of the Independent said: “But the fact is as an editor you have got to balance principle with pragmatism, and I felt yesterday evening a few different conflicting principles: I felt a duty to readers; a duty to the dead; I felt a duty to journalism – and I also felt a duty to my staff. I think it would have been too much of a risk to unilaterally decide in Britain to be the only newspaper that went ahead and published so in a sense it is true one has self-censored in a way I feel very uncomfortable with. It’s an incredibly difficult decision to make.” But still many media are bravely publishing those cartoons, declining self-censorship.

Submission + - The Ultimate Tech the US, Russia, China and India All Want: Hypersonic Weapons (nationalinterest.org)

An anonymous reader writes: They can hit any target in 30 minutes or less. They travel anywhere from Mach 5 to Mach 25. All the major powers want them and many look at them as a military game changer--if only they can make them work. Are hypersonic weapons the future of military doctrine?

Hypersonic weapons--or ballistic weapons that can hit a target flying many times faster than the speed of sound--have been hyped since the 1970s. Currently almost all of the major powers are trying to build them. The US and China seem to be the furthest along and are working on various types of systems. China hopes such weapons could be a game changer and deter any US actions in Asia.

There is however one big problem (besides the insane amount of technology to make them work considering their speed): a possible arms race and the threat they could lead to a nuclear war:

"According to some analysts, the development of hypersonic weapons creates the conditions for a new arms race, and could risk nuclear escalation. Given that the course of hypersonic research has acknowledged both of these concerns, why have several countries started testing the weapons?"

Submission + - How should email change to stop spam?

An anonymous reader writes: Email has been on the internet for a long time and so has spam. Although anti-spam techniques are not losing the battle, they are not winning either.

Some background terms: Current SMTP/email standards are RFC5321 and RFC5322. To avoid spam most people use DNSBLs and URIBLs for checking IP addresses and URLs. And there are some other content checks being done in spam-filters (e.g. by Spamassassin or non-free). Furthermore there are reputation-based systems such as SenderScore. There are some standards to avoid your domains being abused: SPF and DMARC. The large inbox-providers like Live.com and Gmail have additional filtering and throttling based on reputation and engagement (= is someone actually reading/clicking your company email).

And then there are some players in the field: ISPs send email for individuals and very small companies. ESPs (e.g. Constant Contact or MailChimp) send email for larger companies. Anti-spam organisations (such as Spamhaus, Spamcop or Sorbs) use spam information to create blocklists. Spamfilter companies (e.g. Proofpoint, Barracuda and SpamExperts) sell you a spamfilter-service and/or device. Furthermore there are a whole slew of email receivers: Large (such as Apple and Live.com/Gmail type) and smaller (companies and ISP/hosting companies). Then there are law-makers and regulatory bodies (who set and maintain laws) and I will include MAAWG here. And to not forget the spammers: Legitimate companies and criminal organisations (who spam for all sorts of reasons: marketing, selling, phishing, scamming, spear-phishing ...). I would define spam as all email that I would not expect to get (no opt-in, too long ago or inappropriate content given the relationship).

So my question is: Current anti-spam methods are not good enough. What should change in email so spam (of all sorts) is more effectively countered?

Submission + - License Plate Reader Technology Looks At Faces (thenewspaper.com)

schwit1 writes: Police and private companies link facial recognition software to databases that track motorists.

The leading supplier of automated license plate reader technology in the US is expanding its offerings to law enforcement. Vehicle owners have already had their movements tracked by the company Vigilant Solutions, which boasts 2 billion entries in its nationwide database, with 70 million additional license plate photographs being added each month. Now passengers can also be tracked if they hitch a ride with a friend and are photographed by a camera aimed at the front of the car. The Livermore, California-based firm recently announced expanded integration of facial recognition technology into its offerings.

And the hits just keep on coming.

Submission + - Smithsonian Museum Digitizes Entire Collection, Plans Release on New Year's Day

An anonymous reader writes: The Freer Gallery of Art and Arthur M. Sackler Gallery, the Smithsonian’s museums of Asian art, will release their entire collections online Jan. 1, 2015, providing unprecedented access to one of the world’s most important holdings of Asian and American art. The vast majority of the 40,000 artworks have never before been seen by the public, and more than 90 percent of the images will be in high resolution and without copyright restrictions for noncommercial use. The Freer and Sackler galleries are the first Smithsonian and the only Asian art museums to digitize and release their entire collections, and in so doing join just a handful of museums in the U.S. The release is the result of a massive staff effort to photograph and create digital records for its objects, requiring almost 6,000 staff hours in the past year alone and resulting in more than 10 terabytes of data and 50,000 images. The galleries also hosted the Smithsonian’s Rapid Capture Pilot Project, an emerging method of quickly and efficiently digitizing vast numbers of smaller objects.

Submission + - BT to buy UK 4G leader EE for £12.5bn (v3.co.uk)

DW100 writes: The UK mobile market looks set for a radical shake-up after BT confirmed it is now in final stage discussions to buy EE for £12.5bn. The move will see the telecoms giant return to the mobile market for the first time in over a decade and make the company the leader in both fixed and mobile markets. Whether or not the telecoms regulator Ofcom will agree to such a deal, though, remains to be seen.

Submission + - Shellshock Worm Exploiting Unpatched QNAP NAS Devices (threatpost.com)

msm1267 writes: A worm exploiting network attached storage devices vulnerable to the Bash flaw is scanning the Internet for more victims.

The worm opens a backdoor on QNAP devices, but to date it appears the attackers are using the exploit to run a click-fraud scam, in addition to maintaining persistence on owned boxes.

“The goal appears to be to backdoor the system, so an attacker could come back later to install additional malware,” said Johannes Ullrich, head of the Internet Storm Center at the SANS Institute.

QNAP of Taiwan released a patch in October for the Bash vulnerability in its Turbo NAS products. Like many other vulnerable products and devices, owners may not be aware that Bash is present and exposed. Bash was among a litany of Internet-wide vulnerabilities uncovered this year; the flaw in Bash, or Bourne Again Shell, affects Linux and UNIX distributions primarily, but also Windows in some cases. Bash is accessed, often quietly, by any number of functions which makes comprehensive patching difficult even though all major Linux distributions and most vendors have issued patches.

Submission + - Microsoft tells US: The world's servers are not yours for the taking (arstechnica.com)

An anonymous reader writes: Microsoft's fight against the US position that it may search its overseas servers with a valid US warrant is getting nasty.

Microsoft, which is fighting a US warrant that it hand over e-mail to the US from its Ireland servers, wants the Obama administration to ponder a scenario where the "shoe is on the other foot."

"Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany," Microsoft said. "They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter's box with a master key, rummage through it, and fax the private letters to the Stadtpolizei."
