Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Botnet

Obama Administration Wants More Legal Power To Disrupt Botnets 67

Posted by Soulskill from the hopefully-does-not-involve-drone-strikes dept.
Trailrunner7 writes: The Obama administration has proposed an amendment to existing United Stated federal law that would give it a more powerful tool to go after botnets such as GameOver Zeus, Asprox and others. In recent years, Justice, along with private security firms and law enforcement agencies in Europe, have taken down various incarnations of a number of major botnets, including GameOver Zeus and Coreflood. These actions have had varying levels of success, with the GOZ takedown being perhaps the most effective, as it also had the effect of disrupting the infrastructure used by the CryptoLocker ransomware.

In order to obtain an injunction in these cases, the government would need to sue the defendants in civil court and show that its suit is likely to succeed on its merits. "The Administration's proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as "ransomware" )," assistant attorney general Leslie Caldwell wrote.
Security

Lenovo Still Shipping Laptops With Superfish 127

Posted by timothy from the maybe-they-need-some-superbait dept.
Ars Technica reports that weeks after Lenovo said it would stop selling computers with Superfish adware installed, it's still there for many purchasers of the company's laptops. From the article: Based on the experience of Ars readers Chai Trakulthai and Laura Buddine, Lenovo overstated both assurances. The pair recently examined a $550 Lenovo G510 notebook purchased by a neighbor, and their experience wasn't consistent with two of Lenovo's talking points. First, the PC was ordered in early February more than four weeks after Lenovo said it stopped bundling Superfish, and yet when the notebook arrived in late February it came pre-installed with the adware and the secure sockets layer certificate that poses such a threat.

"Lenovo may be saying they haven't installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed," Buddine said. "The Windows build had a date of December. They apparently aren't sorry enough to re-image the computers they have in stock to remove the problem and they're still shipping new computers with Superfish installed." Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though is this finding, of the software provided to purge machines of the adware: "Lenovo's software didn't begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting."
Security

Pharming Attack Targets Home Router DNS Settings 39

Posted by samzenpus from the protect-ya-neck dept.
msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
Businesses

California Floats Conditional Approval For Comcast/TWC Merger 65

Posted by Soulskill from the making-it-worth-our-while dept.
New submitter Lord Flipper writes: The California Public Utilities Commission decision on the Comcast/Time-Warner proposed merger has just been released. It's not an exciting read, but the 25-bullet-point Appendix to the decision is interesting (PDF, starts on page 75). For example: "19. Comcast shall for a period of five years following the effective date of the parent company merger neither oppose, directly or indirectly, nor fund opposition to, any municipal broadband development plan in California, nor any CASF or CTF application within its service territory that otherwise meets the requirements of CASF or CTF."

Whoa! Comcast was not expecting this at all, and they're not happy about it. Here's one more, as an example: "8. Comcast shall offer Time Warner's Carrier Ethernet Last Mile Access product to interested [Competitive Local Exchange Carriers] throughout the combined service territories of the merging companies for a period of five years from the effective date of the parent company at the same prices, terms and conditions as offered by Time Warner prior to the merger."

The ruling by the CPUC covers all customers, present or in the future of the merged company, in California. What they're talking about is opening up Last Mile Access. This could be a step in the right direction, but the ruling today is definitely a surprise. It could nix the merger in California, or it could light a fire under the FCC's butts, or it could bring real competition to Internet access in California.

The CPUC is basing their entire decision on Common Carrier law (Setion 706, as opposed to Title II), and, unlike the projected FCC decision (coming around the 26th of the month) the CPUC's decision has all kinds of "teeth" as opposed to the FCC's "Title II, with forbearance" approach. It could get very interesting, very soon.

Comment Re:Make them pay (Score 1) 365

by theskipper (#49055229) Attached to: Smoking Is Even Deadlier Than Previously Thought

Not going to specifically defend what the AC said but perhaps the statement was related to alcohol's benefits being walked back recently:
http://www.bmj.com/content/350...

Coupled with the resveratrol marketing scheme over recent years, it's getting very difficult to make any unequivocal comments about the benefits of alcohol consumption.

Comment Re:Speculated at for over a year (Score 1) 331

by theskipper (#48976381) Attached to: Massive Layoff Underway At IBM

Officers of the company (i.e. insiders) would naturally want to exercise their options at the highest price possible. Increasing dividends makes the stock appear more attractive to institutional investors.

When institutions buy, that increases the pressure for the price to go up (retail investors don't move a market cap like this, only the big boys do). When the price per share goes up then that's more money that the officers can collect when they exercise their free options; in this case it looks like all the strikes were no higher than around $100. Or they simply sell some of their common position into the open market. The higher the stock price, the higher the profit. Tax strategies play a huge part too.

Any decent financial site will list insider transactions and their values, here's IBM's:
http://finance.yahoo.com/q/it?...
Programming

Ask Slashdot: Has the Time Passed For Coding Website from Scratch? 302

Posted by samzenpus from the best-tools-for-the-job dept.
First time accepted submitter thomawack writes As a designer I always do webdesign from scratch and put them into CMSMS. Frameworks are too complicated to work into, their code is usually bloated and adaptable online solutions are/were limited in options. I know my way around html/css, but I am not a programmer. My problem is, always starting from scratch has become too expensive for most customers. I see more and more online adaptive solutions that seem to be more flexible, but I am a bit overwhelmed because there are so many solutions around. Is there something you can recommend?
Crime

Parents Investigated For Neglect For Letting Kids Walk Home Alone 784

Posted by samzenpus from the won't-somebody-please-think-of-the-walking-children? dept.
HughPickens.com writes The WaPo reports that Danielle and Alexander Meitiv in Montgomery County Maryland say they are being investigated for neglect after letting their 10-year-old son and 6-year-old daughter make a one-mile walk home from a Silver Spring park on Georgia Avenue on a Saturday afternoon. "We wouldn't have let them do it if we didn't think they were ready for it," says Danielle. The Meitivs say they believe in "free-range" parenting, a movement that has been a counterpoint to the hyper-vigilance of "helicopter" parenting, with the idea that children learn self-reliance by being allowed to progressively test limits, make choices and venture out in the world. "The world is actually even safer than when I was a child, and I just want to give them the same freedom and independence that I had — basically an old-fashioned childhood," says Danielle. "I think it's absolutely critical for their development — to learn responsibility, to experience the world, to gain confidence and competency."

On December 20, Alexander agreed to let the children walk from Woodside Park to their home, a mile south, in an area the family says the children know well. Police picked up the children near the Discovery building, the family said, after someone reported seeing them. Alexander said he had a tense time with police when officers returned his children, asked for his identification and told him about the dangers of the world. The more lasting issue has been with Montgomery County Child Protective Services which showed up a couple of hours later. Although Child Protective Services could not address this specific case they did point to Maryland law, which defines child neglect as failure to provide proper care and supervision of a child. "I think what CPS considered neglect, we felt was an essential part of growing up and maturing," says Alexander. "We feel we're being bullied into a point of view about child-rearing that we strongly disagree with."
Security

Wireless Keylogger Masquerades as USB Phone Charger 150

Posted by Soulskill from the in-case-you-were-running-out-of-attack-vectors-to-worry-about dept.
msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.
Security

Finnish Bank OP Under Persistent DDoS Attack 92

Posted by samzenpus from the breaking-the-bank dept.
An anonymous reader writes The Finnish bank OP Pohjola Group has been a target of a dedicated DDoS attack for days. The attack, which investigators said was launched from both Finland and abroad, began on New Year's Eve. OP was forced to open a helpline for customers unable to confirm payments or transfer money because of jammed systems. On Saturday the firm said it would compensate people for any losses or late payment fees incurred as a result of attack. On Sunday morning the bank tweeted that its services were operating normally and even customers based outside Finland were able to access their accounts — and that it was still monitoring traffic carefully to try and ward off any renewed strikes. However, on Sunday afternoon further denial of service attacks took place delaying payments and preventing access to banking services for OP customers. A formal police complaint has been filed and OP says that KRP is looking into the case.

Slashdot Top Deals

Remember, UNIX spelled backwards is XINU. -- Mt.

Close