China

Submission + - Chinese Hackers Attack New York Times (halls-of-valhalla.org)

halls-of-valhalla writes: "Following an investigation by the New York Times on the claims that Chinese Prime Minister Wen Jiabao had amassed a multi-billion dollar fortune, the newspaper's network was attacked by Chinese hackers. These attacks started nearly four months ago with hackers stealing passwords from every employee at the paper, and in addition, personal computers of 53 employees were broken into.

These attacks were first noticed when the Times saw some unusual activity in their systems. After an investigation by a security firm called Mandiant, the security team was able to get into the system and track the activity of these hackers to see what their aim was and eventually to block them out of the system.

These hackers used typical Chinese military techniques in their attacks. These techniques include: routing attacks through US university computers, constantly rotating IP addresses, using email viruses to break into the system, and installing custom software to target specific individuals and documents.

The Chinese Ministry of National Defense has of course denied that the government had any connection to these attacks."

Submission + - Clever Trojan Uses SPF For C&C Server (halls-of-valhalla.org)

halls-of-valhalla writes: "A new trojan called Trojan.Spachanel is being used by hackers to inject JavaScript into each webpage opened in infected users' browsers. This malware inserts external scripts which display rogue advertisements in pop-up windows and trick users into clicking on them to generate income for the hackers.

This malware updates its URLs by generating domain names based on a predefined algorithm, and by making an SPF (Sender Policy Framework) lookup for it. This is interesting because SPF was actually created to validate emails and prevent spam by detecting email spoofing. Using SPF, administrators can specify which hosts have permission to send mail from a given domain by creating an SPF record on the domain name system. Mail exchangers then use this DNS to verify that the mail from given domains is being sent by a host with the proper permissions. If the sender's hostname or IP is not listed in this record, it is probably a spoofed email.

This trojan is quite clever in hiding itself because it uses this security feature to sneakily obtain a list of new addresses to use. This successfully disguises traffic from firewalls and other security programs which would normally block requests to command-and-control servers."

Twitter

Submission + - Twitter Vine Has A Porn Problem (halls-of-valhalla.org)

halls-of-valhalla writes: "Amusingly, though not surprisingly, already by Friday (the following day after its release), Twitter Vine has a porn problem. The app has quickly become very popular for shooting male genitalia and porn clips.

This doesn't, however, violate Twitter's terms of service. And users can report videos as offensive to get Twitter to display a warning at the start of the video clip, and if they are found to violate the terms of service they will be removed, and the user could be banned.

Also, even though this doesn't violate Twitter's terms of service, it could violate those of the Apple App Store. They have stated in their terms that they will reject any apps which contain pornographic material, and Apple has done so in the past with photo-sharing apps for similar reasons as these."

Science

Submission + - The Solar System's Most Spectacular Geology Revealed by 50 Years of Robotic Expl (wired.com)

steben alegiojo writes: "Before 1962, most of the planets in our solar system appeared as hardly more than blurry dots in some astronomer’s telescope.

The most that scientists knew about Mercury, Venus, or Jupiter was their size, surface temperature, and atmospheric composition. But on Dec. 14, 1962, the Mariner 2 spacecraft flew by Venus. For the first time, researchers had detailed and up-close information about another world, helping spawn new scientific fields such as astrogeology and modern planetary science. The planets in our solar system changed from distant points to fully fledged worlds, with distinctive and amazing features."

Facebook

Submission + - Facebook Graph Search Embarrassing Side-Effects (halls-of-valhalla.org)

halls-of-valhalla writes: "Tom Scott, a web comedian, has recently created a website called "Actual Facebook Graph Searches" (http://actualfacebookgraphsearches.tumblr.com) which demonstrates some embarrassing side-effects of the new Facebook Graph Search. It is apparently possible, and quite easy, to find amusing and embarrassing personal information about your friends by using Facebook Graph Search.

Some example searches are things like "Married people who like Prostitutes" and "Mothers of Jews who like Bacon". Tom Scott shows some screen shots and explanations for numerous amusing searches such as these on his blog.

This just goes to show that people share way too much personal info on their profiles, and they don't know how to properly use their privacy settings."

Sony

Submission + - Sony Fined £250,000 For Data Breach (halls-of-valhalla.org)

halls-of-valhalla writes: "In April 2011, Sony's databases were hacked and private data (including names, addresses, birth dates, and even credit card information) of about 77 million users was breached. Since this data breach was due to Sony's use of outdated security software, and could have been easily prevented, the Information Commissioner's Office (ICO) has fined Sony £250,000 to reflect the severity of their mistake."

Government

Submission + - Finland is crowdsourcing its new copyright law (dailydot.com)

An anonymous reader writes: Internet activists in Finland, upset with the country's strict copyright laws, are ready to take advantage of the country's promise to vote on any citizen-proposed bill that reaches 50,000 signatures. Digital rights group Common Sense in Copyright has proposed sweeping changes to Finland's Lex Karpela, a 2006 amendment to the Finnish copyright law that more firmly criminalized digital piracy. Under it, "countless youngsters have been found guilty of copyright crimes and sentenced to pay thousands, in some cases hundreds of thousands, of euros in punitive damages to the copyright organizations." The proposal to fix copyright is the best-rated and most-commented petition on the Open Ministry site.

Submission + - Atari Files Bankruptcy (halls-of-valhalla.org)

halls-of-valhalla writes: "Atari was one of the very first video game companies, starting way back in 1972. However, this long-running name that brought us titles like Pong and Asteroids is having major financial issues. Atari's United States branches have filed bankruptcy on Sunday, January 20, 2013. This bankruptcy is an attempt to separate themselves from their French parent which has quite a bit of debt. The plan is to split from the French parent and find a buyer to form a private company."

Submission + - Cyber Wunderkind Aaron Swartz Committed Suicide (halls-of-valhalla.org)

halls-of-valhalla writes: "As part of a federal investigation about the systematic downloading of academic journals from JSTOR, Aaron Swartz, co-author of the RSS 1.0 specification and co-owner of Reddit, was arrested. He was known for being opposed to JSTOR's practices regarding the payment of publishers instead of authors using the article fees. On the morning of January 11, 2013, Swartz was found dead in his apartment where he had hanged himself. It is believed that his suicide was a result of the stress of the investigation."

Submission + - Linksys Remote Preauth 0day (halls-of-valhalla.org)

halls-of-valhalla writes: "DefenseCode researchers discovered a remote preauth 0day root exploit which allows hackers to remotely obtain root access to Cisco Linksys routers.

They reported the vulnerability to Cisco a few months ago, but they still haven't fixed it, so DefenseCode plans to disclose the details of the exploit within the next two weeks.

Here's a youtube video demonstrating the vulnerability: http://www.youtube.com/watch?feature=player_embedded&v=cv-MbL7KFKE"

Java

Submission + - Security Experts Warn Against Enabling Java Despite Oracle's Emergency Fix (ibtimes.co.uk)

DavidGilbert99 writes: "Despite Oracle quickly issuing a patch for the latest Java vulnerability, security experts agree that the software is still a security risk and urge users only to enable it where absolutely necessary.

One expert said it would take two years for Oracle to fix all the problems with the software, while another said he wouldn't dare to tell users that it's safe to enable Java again.

Finally, another security expert summed up the feeling among researchers by calling the platform, the Perpetual Vulnerability Machine."

Submission + - Research to Prevent Spearphishing Attacks (halls-of-valhalla.org)

halls-of-valhalla writes: "Spear phishing is said to be one of the most challenging threats facing corporate networks today. Phishing is a method of acquiring information such as usernames, passwords, credit card numbers, etc. by impersonating a trusted person or website using electronic communication. Spearphishing is a phishing attack directed at a specific individual or company. Some of the most common examples of these phishing attempts are fake emails containing links and fake versions of popular website logins such as Facebook. Over the last few years spearphishing has become much more common because hackers now have more personal information to base their attacks on, and targeted attacks are much more successful.

After conducting some studies, the Georgia Tech Research Institute is performing some research into phishing prevention. To prevent attacks such as these in corporate settings, researchers are looking into behavioral pattern analysis methods for systems to detect potentially suspect messages and display warnings to users. One method would involve a system which processes all incoming traffic on a system. Since attackers typically target multiple users to increase chances for success, the system would monitor all incoming traffic and take note of patterns in the traffic. This system would also remember what is "normal" traffic for each user and raise an alert when traffic falls outside that norm.

Read the full story here: http://halls-of-valhalla.org/news.php?id=113"

Displays

Submission + - The Best and Worst from CES 2013 (informationweek.com)

CowboyRobot writes: "InformationWeek has collected what it considers to be the five dumbest ideas presented at this year's CES. The list includes: "The HapiFork is an electronic fork that tracks how many mouthfuls of food you consume during a given meal, how many seconds pass between bites, and how long the meal took to complete." Also on the list is the iPotty, which is about what you would guess from the name. And for balance, the list of the seven standout technologies includes 3M's 84-inch touchscreen display and Parrot's $300 "AR Drone 2.0, a gravity-defying spectacle that puts yesteryear's remote-control helicopters to shame with its ability to dive, spin and whirl through the air.""
News

Submission + - Former Nortel execs await corporate fraud ruling (www.cbc.ca)

An anonymous reader writes: Three former Nortel executives accused of orchestrating a widespread multimillion-dollar fraud will learn their fate in Toronto on Monday, nearly a year after one of the largest criminal trials in Canada's corporate history began. Ontario Superior Court Justice Frank Marrocco is set to rule on whether ex-CEO Frank Dunn, ex-CFO Douglas Beatty and ex-controller Michael Gollogly manipulated financial statements at Nortel Networks Corp. between 2002 and 2003. The men, who each face two counts of fraud, are accused of participating in a book-cooking scheme designed to trigger $12.8 million in bonuses and stocks for themselves at the once powerful Canadian technology giant.
