
Submission + - Linux Mint 17 KDE released! (themukt.com)

sfcrazy writes: The Linux Mint team has announced the release of Linux Mint 17 KDE codenamed Qiana. It’s based on KDE Software Compilation 4.13.0. There are many improvements in things like 'update manager' which improves the user experience and also shows which type of updates these are. Then the device manager has also improved and it can install drivers even when the machine can't connect to the Internet as most drivers are available in the ISO itself.

Submission + - Microsoft Opens Preview of Interflow Information Sharing Platform (threatpost.com)

msm1267 writes: Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities.

Microsoft hopes the latest tweak to its Microsoft Active Protections Program (MAPP) will calm the waters a bit and engage companies and industries to share threat data in an effort to stem the effects of targeted and persistent attacks and speed up incident response recovery.

A private preview is scheduled to open this week for Microsoft Interflow, a distributed platform for information exchange that is built on open specifications such as the Structured Threat Information eXpression (STIX), the Trusted Automation eXchange of Indicator Information (TAXII), and the Cyber Observable eXpression standards (CybOX). Today’s announcement comes 11 months after Microsoft expanded MAPP, its vendor partner information-sharing program to include incident responders.

Submission + - Cisco's FNR cipher claims to protect privacy in cloud (techienews.co.uk)

hypnosec writes: Cisco has released a new experimental block cipher dubbed FNR or Flexible Naor and Reingold, which it claims is suitable for data with less than 128 bits or where preservation of input length is a must. Sashank Dara, software engineer at Cisco, explains that traditional block ciphers including AES work well with data of sizes greater than 128, 192 or 256 bits, but in cases wherein data transmission involves small chunks of data like IP addresses and MAC addresses and AES is used, the small blocks of data get bloated because of the padding requirement. This is where FNR comes in handy as it proposes “invertible matrices to provide a neat and generic way to achieve pair-wise independence for any arbitrary length”. Cisco has offered the code at GitHub under the LGPLv2 and has also provided an application demoing IPv4 address encryption.

Submission + - 3D Printed Super Human Organs on Their Way? (3dprint.com)

An anonymous reader writes: Dr. Ozbolat from the University of Iowa recently spoke with reporters. Ozbolat is currently working on 3D printing a human pancreas to cure diabetes. That wasn't the most impressive part of his discussion, however. He predicted that very soon we will have the capability to 3D bioprint enhanced human organs, even organs which generate electricity to function as self-powered pacemakers for the heart. More details here: http://3dprint.com/5702/3d-pri...

Submission + - New Pandemiya Banking Trojan Written From Scratch (threatpost.com)

msm1267 writes: A new banking Trojan has surfaced on hacker forums called Pandemiya. While the malware offers many of the same features criminals would find in Zeus, Citadel or Carberp, the malware is a completely new offering, a yearlong project, written from scratch featuring more than 25,000 lines of original C code.

Submission + - Samsung Galaxy S5 Overview & Features (techinfodesk.com)

bookaminul writes: The Galaxy S5, from Samsung, was first available for purchase in April 2014. In the US, it's carried by AT&T Wireless, T-Mobile, Verizon Wireless, Virgin Mobile USA, Boost Mobile, and Metro PCS. The phone runs on the Android operating system, which is the most widely used mobile platform on Earth. It runs on Android 4.4, which is named KitKat, and it's the newest version of Android available. It was first released on mobile phones in September, 2013. TouchWiz, by Samsung, runs on top of Android 4.4 Kitkat on this phone, offering users a different experience from Vanilla Android. With 4G LTE support, it supports the fastest connectivity band currently available on smartphones.

Submission + - Vodafone admits governments use 'secret cables' to tap citizens' phones (telegraph.co.uk)

schwit1 writes: Government agencies are able to listen to phone conversations live and even track the location of citizens without warrants using secret cables connected directly to network equipment, admits Vodafone today. The company said that secret wires have been connected to its network and those belonging to competitors, giving government agencies the ability to tap into phone and broadband traffic. In many countries this is mandatory for all telecoms companies, it said.

Vodafone is today publishing its first Law Enforcement Disclosure Report which will describe exactly how the governments it deals with are eavesdropping on citizens. It is calling for an end to the use of “direct access” eavesdropping and transparency on the number of warrants issued giving access to private data.

Submission + - Vodafone admits warrantless wiretapping (vodafone.com)

Charliemopps writes: According to Vodafone, 29 governments have installed equipment that collects data on its customers without a warrant. This includes metadata, location, data, and voice. This is a rather long, and very interesting report. Vodafone is the first telecommunications company to voluntarily release this kind of information.

Submission + - IPMI Protocol Vulnerabilities Have Long Shelf Life (threatpost.com)

msm1267 writes: If enterprises are indeed moving services off premises and into the cloud, there are four letters those companies’ IT organizations should be aware of: IPMI.

Short for Intelligent Platform Management Interface, these tiny computers live as an embedded Linux system attached to the motherboards of big servers from vendors such as IBM, Dell and HP. IPMI is used by a Baseboard Management Controller (BMC) to manage Out-of-Band communication, essentially giving admins remote control over servers and devices, including memory, networking capabilities and storage. This is particularly useful for hosting providers and cloud services providers who must manage gear and data in varied locations.

Noted researchers Dan Farmer, creator of the SATAN vulnerability scanner, and HD Moore, creator of Metasploit, have been collaborating on research into the vulnerabilities present in IPMI and BMCs and the picture keeps getting uglier. Last July, Farmer and Moore published some research on the issue based upon work Farmer was doing under a DARPA Cyber Fast Track Grant that uncovered a host of vulnerabilities, and Internet-wide scans for the IPMI protocol conducted by Moore.

Yesterday, Farmer released a paper called “Sold Down the River,” in which he chastises big hardware vendors for ignoring security vulnerabilities and poor configurations that are trivial to find and exploit.

Submission + - Who trades and profits from these NSA secrets ?

Jos Marten writes: One point that Snowden made is that there is a commercial and industrial angle — about the massive hacking by the Private Contractors, mostly owned by Hedge Funds, doing the actual hacking, at least 21.000 at last count are Private Contractors employees — and how can anybody in their right mind not expect these Hedge Funds NOT to trade on all that very valuable information? They got access to at least 122 Government Leaders' phone conversations and emails, data on thousands of top executives, lawyers, Government top staff, regulators, Judges, Police, Scientists and Doctors, Investors, etc., this information is very, very valuable. The solution is to Investigate the Trades and get the money back. Carlyle, Providence and KKR, to name a few of the Hedge Funds controlling NSA Private Contractors, have made billions of dollars every year for the last 5 — 7 years, so ask: did they profit from this valuable information in the databases they control?

Another point is that due to these abuses, IBM, Cisco, Juniper, Motorola, HP, Dell, Apple, Google, Yahoo, etc., have lost billions in contracts in many of these countries abused, but the media, when they have reported losses, they blame it on everything except this huge mistrust about the NSA: These companies should be demanding reparations from these Hedge Funds that have destroyed so many contracts, they need help setting the record straight.

Submission + - Heartbleed Disclosure Timeline Revealed

bennyboy64 writes: Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get to the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 2. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't get a heads up, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL and they freaked out and decided to tell the world about it.

Submission + - Phase 1 of TrueCrypt Audit Turns up No Backdoors (threatpost.com)

msm1267 writes: An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase.

A report on the first phase of the audit was released today by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly.

Submission + - FTC Settles with Sites over SSL Lies (threatpost.com)

An anonymous reader writes: The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being sent over secure SSL connections, but the apps had disabled the validation process.

The settlements with the FTC don’t include any monetary penalties, but both companies have been ordered to submit to independent security audits every other year for the next 20 years and to put together comprehensive security programs.

Submission + - Small World Discovered Far Beyond Pluto (discovery.com)

astroengine writes: After a decade of searching, astronomers have found a second dwarf-like planet far beyond Pluto and its Kuiper Belt cousins, a presumed no-man’s land that may turn out to be anything but. How Sedna, which was discovered in 2003, and its newly found neighbor, designated 2012 VP 2113 by the Minor Planet Center, came to settle in orbits so far from the sun is a mystery. Sedna comes no closer than about 76 times as far from the sun as Earth, or 76 astronomical units. The most distant leg of its 11,400-year orbit is about 1,000 astronomical units. Newly found VP 2113’s closest approach to the sun is about 80 astronomical units and its greatest distance is 452 astronomical units. The small world is roughly 280 miles (450 kilometers) wide, less than half the estimated diameter of Sedna.

Submission + - Security the Facebook Way (threatpost.com)

An anonymous reader writes: Facebook threw back the curtain on its ThreatData framework which it uses to collect and correlate threat-related information from a variety of sources to protect its internal network as well as users of the social network. Facebook has built a set of feeds of malicious URLs, malware hashes and other information, which it stores in a database that has a couple of custom search capabilities. That data is then pushed through a custom processing engine to look for new threats that need immediate responses.
