
Submission + - Who trades and profits from these NSA secrets?

Jos Marten writes: One point that Snowden made is that there is a commercial and industrial angle — about the massive hacking by the Private Contractors, mostly owned by Hedge Funds, doing the actual hacking, at least 21.000 at last count are Private Contractors employees — and how can anybody in their right mind not expect these Hedge Funds NOT to trade on all that very valuable information? They got access to at least 122 Government Leaders' phone conversations and emails, data on thousands of top executives, lawyers, Government top staff, regulators, Judges, Police, Scientists and Doctors, Investors, etc., this information is very, very valuable. The solution is to Investigate the Trades and get the money back. Carlyle, Providence and KKR, to name a few of the Hedge Funds controlling NSA Private Contractors, have made billions of dollars every year for the last 5 — 7 years, so ask: did they profit from this valuable information in the databases they control?

Another point is that due to these abuses, IBM, Cisco, Juniper, Motorola, HP, Dell, Apple, Google, Yahoo, etc., have lost billions in contracts in many of these countries abused, but the media, when they have reported losses, they blame it on everything except this huge mistrust about the NSA: These companies should be demanding reparations from these Hedge Funds that have destroyed so many contracts, they need help setting the record straight.

Submission + - Heartbleed Disclosure Timeline Revealed

bennyboy64 writes: Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get to the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 2. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't get a heads up, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL and they freaked out and decided to tell the world about it.

Submission + - Phase 1 of TrueCrypt Audit Turns up No Backdoors (threatpost.com)

msm1267 writes: An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase.

A report on the first phase of the audit was released today by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly.

Submission + - FTC Settles with Sites over SSL Lies (threatpost.com)

An anonymous reader writes: The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being sent over secure SSL connections, but the apps had disabled the validation process.

The settlements with the FTC don’t include any monetary penalties, but both companies have been ordered to submit to independent security audits every other year for the next 20 years and to put together comprehensive security programs.

Submission + - Small World Discovered Far Beyond Pluto (discovery.com)

astroengine writes: After a decade of searching, astronomers have found a second dwarf-like planet far beyond Pluto and its Kuiper Belt cousins, a presumed no-man’s land that may turn out to be anything but. How Sedna, which was discovered in 2003, and its newly found neighbor, designated 2012 VP 2113 by the Minor Planet Center, came to settle in orbits so far from the sun is a mystery. Sedna comes no closer than about 76 times as far from the sun as Earth, or 76 astronomical units. The most distant leg of its 11,400-year orbit is about 1,000 astronomical units. Newly found VP 2113’s closest approach to the sun is about 80 astronomical units and its greatest distance is 452 astronomical units. The small world is roughly 280 miles (450 kilometers) wide, less than half the estimated diameter of Sedna.

Submission + - Security the Facebook Way (threatpost.com)

An anonymous reader writes: Facebook threw back the curtain on its ThreatData framework, which it uses to collect and correlate threat-related information from a variety of sources to protect its internal network as well as users of the social network. Facebook has built a set of feeds of malicious URLs, malware hashes and other information, which it stores in a database that has a couple of custom search capabilities. That data is then pushed through a custom processing engine to look for new threats that need immediate responses.

Submission + - US intelligence group wants software to decide who is trustworthy (networkworld.com)

coondoggie writes: In the security business one can never have enough trust. And one government group now wants your help in developing a software program that could help decide who's trustworthy and who isn't. A $50,000 software competition announced recently by the Intelligence Advanced Research Projects Activity (IARPA) group is looking to the public to develop what it calls an "algorithm that identifies and extracts such signals from data recorded while volunteers engaged in various types of trust activities."

Submission + - Gabe Newell Confirms That Valve is Prepping Source 2 Game Engine for Virtual Rea (roadtovr.com)

An anonymous reader writes: In a Q&A session on Reddit last night (http://bit.ly/1drsQB1) with Valve's Gabe Newell, the founder confirmed (http://bit.ly/1cuD4md) that the company is in the process of getting the highly anticipated Source 2 game engine "working well with VR," with Valve's Alex Vlachos, Senior Graphics Programmer, apparently leading the charge. Still no word on when the engine may ship.

Valve, who is openly collaborating with Oculus VR, demonstrated a VR headset prototype in January at Steam Dev Days (http://bit.ly/1c9Dgqk). The company also launched a beta version of SteamVR which offers Steam's 'Big Picture' mode in a format compatible with the Oculus Rift VR headset (http://bit.ly/1dlWXcL).

Submission + - Hackers Paying Attention to Microsoft EMET Bypasses (threatpost.com)

msm1267 writes: Exploits bypassing Microsoft’s Enhanced Mitigation Experience Toolkit, or EMET, are quickly becoming a parlor game for security researchers. With increasing frequency, white hats are poking holes in EMET, and to its credit, Microsoft has been quick to not only address those issues but challenge and reward researchers who successfully submit bypasses to its bounty program.

The tide may be turning, however, if the latest Internet Explorer zero day is any indication. An exploit used as part of the Operation SnowMan espionage campaign against U.S. military targets contained a feature that checked whether an EMET library was running on the compromised host, and if so, the attack would not execute.

That’s not the same as an in-the-wild exploit for EMET, but that may not be too far down the road, especially when you take into consideration two important factors: Microsoft continues to market EMET as an effective and temporary zero-day mitigation until a patch is released; and the impending end-of-life of Windows XP in three days could spark a surge in EMET installations as a stopgap.

Submission + - Bitcoin Trojan Found on Popular Download Sites (threatpost.com)

msm1267 writes: Phony Bitcoin ticker apps hosted on popular sites Download.com and MacUpdate.com are fronts for the OSX/CoinThief Trojan, which was built to steal Bitcoin wallet credentials and keys, and to date has drained a small number of accounts. New variants of the Trojan targeting Mac OS X users were found on the sites and also include a browser extension for Firefox. Previous versions of CoinThief spread through a GitHub page that has since been taken down and included extensions for Safari and Google Chrome only.

Submission + - New 'Mask' APT Campaign Called Most Sophisticated Yet (threatpost.com)

Gunkerty Jeb writes: A group of high-level, nation-state attackers has been targeting government agencies, embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they’ve seen to date. The attack, dubbed the Mask, includes a number of unique components and functionality and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines.

Submission + - Near-Earth Asteroid is Stranger Than Thought (sciencemag.org)

sciencehabit writes: The oddly shaped, near-Earth asteroid 25143 Itokawa just got a lot weirder. When researchers analyzed how the object’s brightness changed over the course of 10 short intervals between 2001 and 2013, as measured by Earth-based telescopes, they found that the 535-meter-long cosmic peanut wasn’t rotating as expected. A detailed analysis suggested that Itokawa’s center of mass (about which the asteroid rotates) was 21 meters closer to the smaller end of the peanut than expected—a sign that the smaller end of the body, for whatever reason, is denser than the larger end. Although a shift of 21 meters doesn’t sound like much, that disparity suggests that the smaller end of the asteroid is more than 1.6 times as dense as the plumper end. Previously, some researchers have proposed that Itokawa is actually two asteroids in contact with one another, a scenario strongly supported by the new results, the team contends. It’s not clear whether the odd configuration results from the merger of a two-asteroid system or merely clumps of material that fell back together after a larger asteroid was blasted apart by an immense collision.

Submission + - DARPA Open Source Catalog (darpa.mil)

An anonymous reader writes: http://www.darpa.mil/OpenCatal... "The DARPA Open Catalog organizes publicly releasable material from DARPA programs, beginning with the XDATA program in the Information Innovation Office (I2O). XDATA is developing an open source software library for big data. DARPA has an open source strategy through XDATA and other I2O programs to help increase the impact of government investments."

Submission + - Cutwail-Like Trojan Hides In Its Own Traffic (threatpost.com)

msm1267 writes: A new spambot has been discovered that generates copious amounts of network traffic in an attempt to disguise what it’s really up to and throw off the scent of detection capabilities. The spambot, identified as Wigon.PH_44, is being served on compromised websites hosted on the WordPress platform. To date, there are up to 200 sites serving the malicious executable and there have been 15,000 hits in the wild on the malware signature, most of those in the United States.

Submission + - US Congressman accuses Snowden of acting with Russia (bbc.co.uk)

An anonymous reader writes: Looks like assassination of Edward Snowden's character has begun in earnest. The BBC reports that the chairman of the US House Intelligence Committee Mike Rogers (R-Michigan) has alleged that "US intelligence leaker Edward Snowden may have collaborated with Russia. I believe there's a reason he ended up in the hands, the loving arms, of an agent in Moscow."

The BBC continues: "Mr Rogers offered no firm evidence to back his theory, and the FBI is said to remain sure Mr Snowden acted alone... some of the things Mr Snowden did were 'beyond his technical capabilities'. It appeared 'he had some help and he stole things that had nothing to do with privacy', such as large amounts of data on the US military, Mr Rogers alleged."
