Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Submission + - Source Code Similarities: Experts Unmask 'Regin' Trojan as NSA Tool (spiegel.de)

Submitted by turkeydance
turkeydance writes: The new analysis provides clear proof that Regin is in fact the cyber-attack platform belonging to the Five Eyes alliance, which includes the US, Britain, Canada, Australia and New Zealand. Neither Kaspersky nor Symantec commented directly on the likely creator of Regin. But there can be little room left for doubt regarding the malware's origin.
link:
http://www.spiegel.de/internat...
Microsoft

Microsoft To Invest In Rogue Android Startup Cyanogen 280

Posted by samzenpus from the have-a-pile-of-money dept.
An anonymous reader writes The Wall Street Journal reports that Microsoft plans to be a minority investor in a roughly $70 million round of equity financing for mobile startup Cyanogen Inc. Neither company is commenting on the plan but last week during a talk in San Francisco, Cyanogen's CEO said the company's goal was to "take Android away from Google." According to Bloomberg: "The talks illustrate how Microsoft is trying to get its applications and services on rival operating systems, which has been a tenet of Chief Executive Officer Satya Nadella. Microsoft has in the past complained that Google Inc., which manages Android, has blocked its programs from the operating system."
Businesses

LibreOffice Gets a Streamlined Makeover With 4.4 Release 148

Posted by samzenpus from the check-it-out dept.
TechCurmudgeon sends word that LibreOffice 4.4 has been released. "The Document foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft's OOXML formats. LibreOffice 4.4 has got a lot of UX and design love," Jan "Kendy" Holesovsky, who leads the design team for Libreoffice, said in a statement. LibreOffice 4.4 is currently available for Windows."
Security

D-Link Routers Vulnerable To DNS Hijacking 64

Posted by samzenpus from the protect-ya-neck dept.
An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.
Intel

FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed 179

Posted by timothy from the if-thine-eye-offends-thee dept.
gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."
Privacy

'Anonymized' Credit Card Data Not So Anonymous, MIT Study Shows 96

Posted by timothy from the why-I-order-from-the-women's-menu dept.
schwit1 writes Scientists showed they can identify you with more than 90 percent accuracy by looking at just four purchases, three if the price is included — and this is after companies "anonymized" the transaction records, saying they wiped away names and other personal details. The study out of MIT, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people. "We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of the Massachusetts Institute of Technology, said in an email.
Government

US Air Force Selects Boeing 747-8 To Replace Air Force One 293

Posted by timothy from the the-privileged-few dept.
Tyketto writes Following up on a previous story about its replacement, the US Air Force has selected the Boeing 747-8 to replace the aging Presidential fleet of two VC-25s, which are converted B747-200s. With the only other suitable aircraft being the Airbus A380, the USAF cited Boeing's 50-year history of building presidential aircraft as their reason to skip competition and opt directly for the aircraft, which due to dwindling sales and prospects, may be the last 747s to be produced.
Privacy

Snowden Documents: CSE Tracks Millions of Downloads Daily 103

Posted by samzenpus from the keeping-an-eye-on-things dept.
Advocatus Diaboli writes Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned. Details of the Communications Security Establishment project dubbed 'Levitation' are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News. Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.
Security

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites 203

Posted by samzenpus from the watch-what-you-watch dept.
MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.
Programming

Anonymous No More: Your Coding Style Can Give You Away 220

Posted by samzenpus from the leaving-your-mark dept.
itwbennett writes Researchers from Drexel University, the University of Maryland, the University of Goettingen, and Princeton have developed a "code stylometry" that uses natural language processing and machine learning to determine the authors of source code based on coding style. To test how well their code stylometry works, the researchers gathered publicly available data from Google's Code Jam, an annual programming competition that attracts a wide range of programmers, from students to professionals to hobbyists. Looking at data from 250 coders over multiple years, averaging 630 lines of code per author their code stylometry achieved 95% accuracy in identifying the author of anonymous code (PDF). Using a dataset with fewer programmers (30) but more lines of code per person (1,900), the identification accuracy rate reached 97%.
Encryption

Justice Department: Default Encryption Has Created a 'Zone of Lawlessness' 431

Posted by Soulskill from the what-would-you-call-this-zone-that's-allegedly-associated-with-danger? dept.
Jason Koebler writes: Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is "very concerned" by the Google's and Apple's decision to automatically encrypt all data on Android and iOS devices.

"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we're prohibited from getting because of a company's technological choices.

Submission + - We May Have Jupiter To Thank For the Nitrogen In Earth's Atmosphere (nature.com)

Submitted by Anonymous Coward
An anonymous reader writes: Nitrogen makes up about 78% of the Earth's atmosphere. It's also the 4th most abundant element in the human body. But where did all the nitrogen on Earth come from? Scientists aren't sure, but they have a new theory. Back when the solar system was just a protoplanetary disk, the ice orbiting the early Sun included ammonia, which has a nitrogen atom and three hydrogen atoms. But there needed to be a way for the nitrogen to get to the developing Earth. That's where Jupiter comes in. During its theorized Grand Tack, where it plunged into the center of the solar system and then retreated outward again, it created shock waves in the dust and ice cloud surrounding the sun. These shock waves caused gentle heating of the ammonia ice, which allowed it to react with chromium-bearing metal to form a mineral called carlsbergite. New research (abstract) suggests this mineral was then present when the Earth's accretion happened.

Submission + - CSE tracks millions of downloads daily: Snowden documents (www.cbc.ca) 2

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned. Details of the Communications Security Establishment project dubbed "Levitation" are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News. Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.
Bug

Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug 46

Posted by Soulskill from the nobody's-perfect dept.
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.

Slashdot Top Deals

Happiness is twin floppies.

Close