Forgot your password?
typodupeerror

+ - Planes disappearing from radar in Europe !?->

Submitted by thygate
thygate (1590197) writes "Early this month, on several occasions, several planes disappeared from radar for several seconds to 25 minutes. Incidents have been reported in Czech Republic, Slovakia, Switzerland and Germany. Authorities report that at no time were there any problems with the planes and radio communication was available at all times during these radar blackouts.
Eurocontrol and the EASA have started an investigation, there is a global concern about safety since the MH370 disappearance.
There are speculations about NATO military exercises involving radio equipment tests, but the alliance has refused to comment. The Hungarian ministry of defense refuses this explanation, stating the technology used is not powerful enough to cause these blackouts.
According to an Australian newspaper it could of even been hackers, but it is unclear if this is even possible."

Link to Original Source

+ - TweetDeck hacked, vulnerability spreads across internet->

Submitted by mpicpp
mpicpp (3454017) writes "TweetDeck, a popular Twitter app for desktops, has been hacked — because a 19-year-old computer geek in Austria wanted to use cute, little hearts.

Firo let Twitter know about the vulnerability as soon as he found it. But it was too late. Others in the hacker community noticed, and shortly thereafter, a mass TweetDeck hijacking ensued."

Link to Original Source

+ - Google's Project Ara Could Bring PC-Style Hardware Ecosystem to Phones->

Submitted by Anonymous Coward
An anonymous reader writes "Now that Google's modular phone effort, Project Ara, looks a bit less like vaporware, people are starting to figure out its implications for the future of cellphones. One fascinating possibility is that it could transform the cellphone purchasing process into something resembling desktop computer purchasing. Enthusiasts could search out the individual parts they like the best and assemble them into cellphone Voltron. People who just want a decent phone with no hassle could look at pre-built offerings — and not just from Apple, Samsung, and the like. It could open up a whole new group of phone 'manufacturers.' Of course, this comes with drawbacks, too — if you think fragmentation is bad now, imagine trying to support thousands of different hardware combinations."
Link to Original Source

+ - Password Storage Scheme Makes Cracking Individual Passwords Impossible-> 1

Submitted by Anonymous Coward
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store ( technical details). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist.

With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Link to Original Source

+ - Slashdot beta sucks 9

Submitted by Anonymous Coward
An anonymous reader writes "Maybe some of the slashdot team should start listening to its users, most of which hate the new user interface. Thanks for ruining something that wasn't broken."

+ - Programmer Debunks Source Code Shown In Movies And TV Shows

Submitted by rjmarvin
rjmarvin (3001897) writes "Someone is finally pausing TV shows and movies to figure out if the code shown on screen is accurate or not http://sdt.bz/67573. British programmer and writer John Graham-Cumming started taking screenshots of source code from movies such as "Elysium," "Swordfish" and "Doctor Who," and when it became popular turned the concept into a blog. Source Code in TV and Films http://moviecode.tumblr.com/ posts a new screenshot daily, proving that, for example, Tony Stark's first "Iron Man" suit was running code from a 1998 programmable Lego brick."

+ - Point of Sale Malware Suspect in Widening Retail Breach Scandal->

Submitted by chicksdaddy
chicksdaddy (814965) writes "Neiman Marcus became the latest, prominent U.S. retailer to admit that its network was hacked and credit card data on customers stolen. (http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/) But the story isn't over. Reuters reported on Monday that at least three other, well-known U.S. retailers took place in November and December and "were conducted using similar techniques as the one on Target." (http://mobile.reuters.com/article/idUSBREA0B01720140112?irpc=932) The common thread? Point of Sale malware like Dexter and Project Hook.

According to the Reuters report, which cited unnamed law enforcement officials and experts who were investigating the incidents, the malware used was described as a "RAM scraper," a possible reference to a feature of malware like Dexter, which uses RAM scraping to retrieve unencrypted credit card numbers from compromised point of sale systems.

The Security Ledger quotes experts from Arbor Networks who have observed a jump in Point of Sale malware with botnet like command and control features.(http://www.arbornetworks.com/asert/2013/12/happy-holidays-point-of-sale-malware-campaigns-targeting-credit-and-debit-cards/) CERT echoed those warnings in an advisory issued last week. (https://securityledger.com/2014/01/us-cert-warns-about-point-of-sale-malware/)

According to Arbor, much of the newest PoS malware uses RAM scraping to steal data before sending it out, in encrypted form, to command and control servers managed by the cyber criminal group behind the attack."

Link to Original Source

+ - Anonymous Hits MIT On Anniversary of Aaron Swartz' Death ->

Submitted by judgecorp
judgecorp (778838) writes "Anonymous took down an MIT website on the anniversary of the death of Aaron Swartz, and urged visitors to the defaced page to support next month's protest against NSA surveillance, known as "The Day We Fight Back". That's a separate issue to the copyright policing which led to Swartz' death, but Anonymous says " If Aaron were alive he’d be on the front lines, fighting back against these practices that undermine our ability to engage with each other as genuinely free human beings.”"
Link to Original Source

+ - Canada (quietly) offering sanctuary to data from the U.S.->

Submitted by davecb
davecb (6526) writes "The Toronto Star's lead article today is Canada courting U.S. web giants in wake of NSA spy scandal, an effort to convince them their customer data is safer here. This follows related moves like cisco moving R&D to Toronto. Industry Canada will neither confirm nor deny that European and U.S. companies are negotiating to move confidential data away from the U.S. This critically depends on recent blocking legislation to get around cases like U.S. v. Bank of Nova Scotia, where U.S. courts "extradited" Canadian bank records to the U.S. Contrary to Canadian law, you understand ..."
Link to Original Source

+ - EU parliament says Prism part of US econ/polit espionage and not anti-terrorism->

Submitted by Qedward
Qedward (2499046) writes "EU politicians said that they doubt data collection by the US National Security Agency has been purely for the fight against terrorism.

In a draft report from the European Parliament's civil liberties committee, published yesterday, members of the European Parliament (MEPs) say that it is "very doubtful that data collection of such magnitude is only guided by the fight against terrorism," and that there may be other motives such as political and economic espionage.

The document urges EU countries to take legal action against the breach of their sovereignty perpetrated through such mass surveillance programmes."

Link to Original Source

+ - Yahoo's Email Encryption Needs Work->

Submitted by itwbennett
itwbennett (1594911) writes "On Tuesday, Yahoo delivered on a promise that it made in October to enable email encryption for everyone by default by January 8. While this is a great step, the company's HTTPS implementation appears to be inconsistent across servers and even technically insecure in some cases, according to Ivan Ristic, director of application security research at security firm Qualys. For example, some of Yahoo's HTTPS email servers use RC4 as the preferred cipher with most clients. 'RC4 is considered weak, which is why we advise that people either don't use it, or if they feel they must, use it as a last resort,' Ristic said."
Link to Original Source

+ - Spy Cam Found in American Airlines Lavatory->

Submitted by mreed911
mreed911 (794582) writes "Someone staring at the ceiling while "doing their business" in a lavatory on an American Airlines 767 from New York to San Francisco noticed something that didn't belong — a spy cam. Apparently some flash-drive/cam combo, the object was simply taped to the ceiling. No reports as to whether anyone on the plane claimed ownership, but the plane was diverted to Kansas City, evacuated and searched. So far, NBC News is the only one reporting the story."
Link to Original Source

+ - LG Smart TVs sending USB connected storage filenames back to corporate server-> 4

Submitted by Anonymous Coward
An anonymous reader writes "After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default. It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off. It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive."
Link to Original Source

We have a equal opportunity Calculus class -- it's fully integrated.

Working...