Security

Microsoft Opens Vulnerability Bounty Program For Spartan Browser 53

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.
Windows

Buggy Win 95 Code Almost Wrecked Stuxnet Campaign 93

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.
Crime

Allegation: Philly Cops Leaned Suspect Over Balcony To Obtain Password 225

An anonymous reader writes with this news from Ars Technica: If you want access to encrypted data on a drug dealer's digital device, you might try to break the crypto—or you might just try to break the man.

According to testimony from a police corruption trial currently roiling the city of Philadelphia, officers from an undercover drug squad took the latter route back in November 2007. After arresting their suspect, Michael Cascioli, in the hallway outside his 18th floor apartment, the officers took Cascioli back inside. Although they lacked a search warrant, the cops searched Cascioli's rooms anyway. According to a federal indictment (PDF), the officers 'repeatedly assaulted and threatened [Cascioli] during the search to obtain information about the location of money, drugs, and drug suppliers.'
That included, according to Cascioli, lifting him over the edge of his balcony to try to frighten out of him the password to his Palm Pilot. That sounds like a good time for a duress password.
China

Github DDoS Attack As Seen By Google 52

New submitter opensec writes: Last month GitHub was hit by a massive DDoS attack originating from China. On this occasion the public discovered that the NSA was not the only one with a QUANTUM-like capability. China has its own "Great Cannon" that can inject malicious JavaScript inside HTTP traffic. That weapon was used in the GitHub attack. People using Baidu services were unwitting participants in the denial of service, their bandwidth used to flood the website. But such a massive subversion of the Internet could not evade Google's watchful eye. Niels Provos, engineer at Google, tells us how it happened. Showing that such attacks cannot be made covertly, Provos hopes that the public shaming will act as a deterrent.
DRM

Microsoft, Chip Makers Working On Hardware DRM For Windows 10 PCs 304

writertype writes: Last month, Microsoft began talking about PlayReady 3.0, which adds hardware DRM to secure 4K movies. Intel, AMD, Nvidia, and Qualcomm are all building it in, according to Microsoft. "Older generations of PCs used software-based DRM technology. The new hardware-based technology will know who you are, what rights your PC has, and won’t ever allow your PC to unlock the content so it can be ripped. ... Unfortunately, it looks like the advent of PlayReady 3.0 could leave older PCs in the lurch. Previous PlayReady technology secured content up to 1080p resolution using software DRM—and that could be the maximum resolution for older PCs without PlayReady 3.0." Years back, a number of people got upset when Hollywood talked about locking down "our content." It looks like we may be facing it again for 4K video.
Government

German Intelligence Helped NSA Spy On EU Politicians and Companies 80

An anonymous reader writes: We've known for some time already that intelligence agencies operate beyond rules, laws, and regulations. Now, we learn that the NSA and the German intelligence service, BND, lied and withheld information about misuse from the German Chancellor's Office.

"The BND realized as early as 2008 that some of the selectors were not permitted according to its internal rules, or covered by a 2002 US-Germany anti-terrorism "Memorandum of Agreement" on intelligence cooperation. And yet it did nothing to check the NSA's requests systematically. It was only in the summer of 2013, after Edward Snowden's revelations of massive NSA and GCHQ surveillance, that the BND finally started an inquiry into all the selectors that had been processed. According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones.

However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy.
Google

Median Age At Google Is 29, Says Age Discrimination Lawsuit 349

dcblogs writes: The typical employee at Google is relatively young, according to a lawsuit brought by an older programmer who is alleging age discrimination. Between 2007 and 2013, Google's workforce grew from 9,500 to more than 28,000 employees, "yet as of 2013, its employees' median age was 29 years old," the lawsuit claims. That's in contrast to the median age of nearly 43 for all U.S. workers who are computer programmers, according to the lawsuit.
Security

Researcher Discloses Methods For Bypassing All OS X Security Protections 130

Trailrunner7 writes: For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence on a Mac as an attacker isn't much of a challenge at all. Gatekeeper is one of the key technologies that Apple uses to prevent malware from running on OS X machines. It gives users the ability to restrict which applications can run on their machines by choosing to only allow apps from the Mac App Store. With that setting in play, only signed, legitimate apps should be able to run on the machine. But Patrick Wardle, director of research at Synack, said that getting around that restriction is trivial. "Gatekeeper doesn't verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," Wardle said in a talk at the RSA Conference here Thursday. "It only verifies the app bundle. If Macs were totally secure, I wouldn't be here talking," Wardle said. "It's trivial for any attacker to bypass the security tools on Macs."
Windows

iTunes Stops Working For Windows XP Users 368

An anonymous reader writes: iTunes users who still run Windows XP started to experience connectivity issues this week. As documented in an Apple Support Communities thread, they can't log into the iTunes store, meaning functions like buying content, watching already purchased movies and TV shows, playing DRM-protected content, backing up, updating, and syncing all do not work.
Earth

USGS: Oil and Gas Operations Could Trigger Large Earthquakes 171

sciencehabit writes: The U.S. Geological Survey (USGS) has taken its first stab at quantifying the hazard from earthquakes associated with oil and gas development. The assessment, released in a preliminary report today, identifies 17 areas in eight states with elevated seismic hazard. And geologists now say that such induced earthquakes could potentially be large, up to magnitude 7, which is big enough to cause buildings to collapse and widespread damage. Update: 04/23 15:56 GMT by T : New submitter truavatar adds: At the same time, the Oklahoma Geological Survey released a statement explicitly calling out deep wastewater injection wells to Oklahoma earthquakes, stating "The OGS considers it very likely that the majority of recent earthquakes, particularly those in central and north-central Oklahoma, are triggered by the injection of produced water in disposal wells."

Submission + - Music Industry Argues Works Entering Public Domain Are Not in Public Interest (michaelgeist.ca)

An anonymous reader writes: With news that Canada intends to extend the term of copyright for sound recordings and performers, the recording industry is now pushing the change by arguing that works entering the public domain is not in the public interest. It is hard to see how anyone can credibly claim that works are "lost" to the public domain and that the public interest is not served by increased public access, but if anyone would make the claim, it would be the recording industry.

Submission + - Qt Creator 3.4.0 Released

jones_supa writes: Qt Creator 3.4.0 has been released with many new features. Qt Creator is a C/C++ IDE with specialized tools for developing Qt applications, and it works great for general-purpose projects as well. The new version comes with a C++ refactoring option to move function definitions out of a class declaration, auto-completion for signals and slots in Qt5-style connects, experimental Qt Test and Qt Quick Tests support in the Professional and Enterprise edition, support for 64-bit Android toolchains, and various other improvements. More details on the new version can be found in the official announcement and the changelog.
Communications

New Privacy Concerns About US Program That Can Track Snail Mail 66

Lashdots writes: A lawyers' group has called for greater oversight of a government program that gives state and federal law enforcement officials access to metadata from private communications for criminal investigations and national security purposes. But it's not digital: this warrantless surveillance is conducted on regular mail. "The mail cover has been in use, in some form, since the 1800s," Chief Postal Inspector Guy J. Cottrell told Congress in November. The program targets a range of criminal activity including fraud, pornography, and terrorism, but, he said, "today, the most common use of this tool is related to investigations to rid the mail of illegal drugs and illegal drug proceeds." Recent revelations that the U.S. Postal Service photographs the front and back of all mail sent through the U.S., ostensibly for sorting purposes, have, Fast Company reports, brought new scrutiny—and new legal responses—to this obscure program.
Australia

Wellness App Author Lied About Cancer Diagnosis 256

Freshly Exhumed writes: Wellness advocate Belle Gibson, who translated her high profile as a cancer survivor into publishing success, has admitted her cancer diagnosis was not real. Ms Gibson, 23, who claimed to have healed terminal brain cancer by eating wholefoods, made the admission in an interview with the Australian Women's Weekly. The success of Gibson's book, The Whole Pantry, and her smartphone application, which advocates natural therapies, has been largely dependent on her high-profile as a cancer survivor. Sadly, we've seen this sort of behaviour before. It would seem that Belle Gibson has emulated Dr. Andrew Wakefield in knowingly deceiving the public in ways that could possibly be dangerous to the health of believers.
Medicine

Ancient Hangover Cure Discovered In Greek Texts 105

An anonymous reader writes with good news for people looking for an old cure for an old problem. Trying to ease a bad hangover? Wearing a necklace made from the leaves of a shrub called Alexandrian laurel would do the job, according to a newly translated Egyptian papyrus. The "drunken headache cure" appears in a 1,900-year-old text written in Greek and was discovered during the ongoing effort to translate more than half a million scraps of papyrus known as the Oxyrhynchus Papyri. Housed at Oxford University's Sackler Library, the enormous collection of texts contains lost gospels, works by Sophocles and other Greek authors, public and personal records and medical treatises dating from the first century AD to the sixth century A.D.
