
Submission + - This Well-Funded Startup Could Turn Bitcoin Mining On Its Head (itworld.com)

itwbennett writes: A startup company whose backers include Qualcomm, Cisco Systems and a former ARM executive, and which reportedly has raised 'well north of $116 million', has just come out of stealth mode. The first thing to know about the company, which calls itself 21, is that it has designed an embedded chip for bitcoin mining. The details aren’t entirely clear, but the plan seems to be to get its bitcoin mining chip embedded into millions of smartphones and tablets, and for those devices to work collectively to mine new currency. But the company has larger ambitions: It sees its chip as a way to solve the problem of micro payments and it could also be used to pay for the chips themselves.

Submission + - In Desperation, Ransomware Victims Plead with Attackers (itworld.com)

itwbennett writes: Researchers from FireEye recently collected messages from a Web site set up by the creators of a ransomware program called TeslaCrypt to interact with their victims. The messages offer a rare glimpse into the mindset of these cybercriminals and the distress they cause. Among the victims: a father who has been robbed of his baby’s pictures; an employee who lost business files to the malware and now fears losing his job; a housecleaning business set up by maids who can’t afford to pay the ransom.

Submission + - FTC Recommends Conditions for Sale of RadioShack Customer Data (itworld.com)

itwbennett writes: The U.S. Federal Trade Commission has weighed in on the contentious issue of the proposed sale of consumer data by bankrupt retailer RadioShack, recommending that a model be adopted based on a settlement the agency reached with failed online toy retailer Toysmart.com. Jessica L. Rich, director of the FTC’s bureau of consumer protection, said in a letter to a court-appointed consumer privacy ombudsman that the agency’s concerns about the transfer of customer information inconsistent with RadioShack’s privacy promises 'would be greatly diminished' if certain conditions were met, including that the data was not sold standalone, and if the buyer is engaged in substantially the same lines of business as RadioShack, and expressly agrees to be bound by and adhere to the privacy policies.

Submission + - United Launches Bug Bounty, In-Flight Systems Off Limits

itwbennett writes: United Airlines is offering rewards to researchers for finding flaws in its websites but the company will not accept bugs found in onboard Wi-Fi, entertainment or avionics systems, which the U.S. government says may be increasingly targeted by hackers. And as a reward for their efforts, researchers won't get the piles of cash typically associated with such programs, but instead will get miles that can be used for the company’s Mileage Plus loyalty program.

Submission + - Qualcomm Wants To Power The Internet Of Things (itworld.com)

jfruh writes: The Internet Of Things — the world of omnipresent embedded network devices that true believers think is just around the corner — is a potential gold mine to whatever tech vendors can grab an early lead in the market. And Qualcomm thinks it's uniquely positioned to do so, with its solid background in low-powered processors and wireless networking giving it a leg up.

Submission + - China-Based Hackers Used Microsoft's TechNet for Attacks (itworld.com)

itwbennett writes: The China-based hacking group, which security vendor FireEye calls APT17, created accounts on TechNet and then left comments on certain pages. Those comments contained the name of an encoded domain, which computers infected by the group’s malware were instructed to contact. The encoded domain then referred the victim’s computer to a command-and-control server that was part of APT17’s infrastructure, said Bryce Boland, FireEye’s chief technology officer for Asia-Pacific.

Submission + - Apple, A123 To Settle Lawsuit Over Poached Battery Engineers (slashdot.org)

itwbennett writes: Slashdot readers will remember that back in February, electric car battery maker A123 Systems sued Apple for allegedly 'raiding' the Waltham, Massachusetts, company and hiring five employees, including two top-level engineers. The loss of these workers essentially forced A123 to shut down some of its main projects, the suit alleged. Now, according to court documents filed Monday, A123 and Apple 'have reached an agreement, signed a term sheet, and are in the process of drafting a final settlement agreement.'

Submission + - A Year Later, Google Still Not Very Likely To Forget You

itwbennett writes: A year after the European Union’s top court gave Europeans a right to be forgotten by search engines, it is most likely that Google will still remember you after you filed a request to disappear from its search listings. In fact, chances are that the search result you want to have removed when someone Googles your name will stay visible. That happens in almost 60 percent of cases, the company’s online transparency tool showed.

Submission + - Are App Developers Responsible for Decisions Their Users Make? (itworld.com)

itwbennett writes: In a blog post, Rado Kotorov, Chief Innovation Officer at Information Builders asserts that the creators of enterprise apps, not just developers, but anyone who is involved, from defining the concept, to requirements gathering, to final implementation, implicitly assume some of the responsibility for other people’s decision making. Thus, the creators of the app have an ethical obligation to ensure that people can reach the right conclusions from the facts and the way they are presented in the app.

Submission + - Uber Drivers In India Will Start Accepting Cash (itworld.com)

jfruh writes: One of the main selling points of ridesharing services like Uber is that they streamline the payment process: everything is taken care of in the app, which is already linked to your credit card. But in many places in the developing world, most people are unbanked and use only cash, and Uber will have to accommodate them to achieve its global ambitions. Thus, the company is launching a pilot project in India where passengers can pay in cash.

Submission + - MIT Algorithm Banishes Window Reflections In Photos (itworld.com)

itwbennett writes: Researchers at MIT and Google Research have developed a method to automatically remove reflections that appear when shooting photos through glass. The technique finds glass reflections in photos by using the fact that they're usually made up of two reflections, one slightly offset from the other. Since the second reflection is a set distance from the first, the researchers used an algorithm to distinguish the reflections from all the other data in the image.

Submission + - Add GitHub dorking to list of enterprise security concerns (itworld.com)

chicksdaddy writes: IT World has a story today suggesting that GitHub may be a victim of its own success. Exhibit 1: "GitHub dorking:" the use of GitHub's powerful internal search engine to uncover security holes and sensitive data in published code repositories. (http://www.itworld.com/article/2921135/security/add-github-dorking-to-list-of-security-concerns.html)
In a nutshell: GitHub's runaway popularity among developers is putting employers and development shops in a tough spot. As the recent story about Uber accidentally publishing database administrator credentials in a public GitHub repository suggests, (http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/), it can be difficult even for sophisticated development organizations to grasp the nuances of how interactions with GitHub's public code repositories might work to undermine corporate security.

The ease with which developers can share and re-use code on GitHub is part of the problem, said Bill Ledingham, chief technology officer at Black Duck Software, which monitors some 300,000 open source software projects that use GitHub. Ledingham said leaked user credentials are inadvertent errors caused by developers too accustomed to the ease with which code can be borrowed, modified and resubmitted to GitHub.

"Developers in some cases are just taking the easiest path forward," he said. "They're checking in code or re-using it and not looking at some of these issues related to security."

Among the issues to watch out for are information leaks by way of vulnerabilities in GitHub.com or the GitHub API, leaks of intellectual property in published repositories and the leak of credentials and other shared secrets that could be used to compromise production applications.

Tools like the GitRob command line application developed by Michael Henriksen (http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/) make it a simple matter to analyze all the public GitHub repositories associated with a particular organization. GitRob works by compiling the public repositories belonging to known employees of that firm, then flagging filenames in each repository that match patterns of known sensitive files.

Companies that are doing software development need to take an active interest in GitHub, determining which employees and contractors are using it and verifying that no proprietary code or sensitive information is leaking into the public domain.

Internally, data leak prevention products can identify and block the movement of proprietary code. Concerted education for developers about best practices and proper security hygiene when downloading and uploading code to shared and searchable source repositories can help prevent head-slapping mistakes like the leak of database administrator credentials and private keys.

Submission + - GPU Malware Can Also Affect Windows PCs, Possibly Macs (itworld.com)

itwbennett writes: A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works. The problem the developers are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processor unit) vendors, but rather with existing security tools, which aren’t designed to scan the random access memory (RAM) used by GPUs for malware code.

Submission + - Proof-of-Concept Linux Rootkit Leverages GPUs for Stealth

itwbennett writes: A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden. The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option. Such threats could be more sinister than traditional malware programs, according to the Jellyfish developers, in part because there are no tools to analyze GPU malware, they said.
