Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Gemalto Hack Could Compromise Contactless And ID Cards 1

Submitted by dkatana
dkatana (2761029) writes "A recent article published by The Intercept reports that the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) stole millions of encryption keys used in SIM cards manufactured by Gemalto. While the article focuses on the possibility that those keys could be used by the agencies to monitor communications and possibly hack mobile devices using the SIM cards, it also gives some room to the possibility that other IC security modules based on Gemalto technology could be compromised.

Gemalto not only manufacturers Subscriber Identity Modules (SIM) cards for cellular providers, it is also the world’s largest manufacturer of contactless credit card ICs and a leading provider of identity modules used in government documents such as passports, driving licenses and ID cards."

+ - The Ghosts in the MP3s-> 1

Submitted by el_flynn
el_flynn (1279) writes "Continuing the debate about whether there's really any difference between lossless and lossy audio codecs, as well as the whole Pono debacle, Ryan Maguire, a Ph.D student at the University of Virginia, has found a way to "hear" what we're not hearing. From TFA, Ryan goes on to ask "what does the music which this codec delete sound like?", and builds a technique to recover these "lost" sounds... the ghosts in the MP3, so to speak."
Link to Original Source

+ - Notorious 8chan board has history wiped after federal judge's doxing 1

Submitted by AmiMoJo
AmiMoJo (196126) writes "On Monday, imageboard site 8chan's "baphomet" subboard, an Internet destination known for hosting aggressive "doxing" posts, received a major history wipe the day after one of its users posted the personal information of a federal judge in the Silk Road case. A follow-up post by baphomet's "Board Owner" account stated that "HW," a reference to site founder Frederick "hotwheels" Brennan, deleted "the SSN posts" and told the baphomet board founder, previously identified via an associated Twitter handle as Benjamin Biddix, to "lay low." The same day baphomet's "Board Owner" announced a "doxing for hire" service due to "running low on funds.""

+ - Planes disappearing from radar in Europe !?->

Submitted by thygate
thygate (1590197) writes "Early this month, on several occasions, several planes disappeared from radar for several seconds to 25 minutes. Incidents have been reported in Czech Republic, Slovakia, Switzerland and Germany. Authorities report that at no time were there any problems with the planes and radio communication was available at all times during these radar blackouts.
Eurocontrol and the EASA have started an investigation, there is a global concern about safety since the MH370 disappearance.
There are speculations about NATO military exercises involving radio equipment tests, but the alliance has refused to comment. The Hungarian ministry of defense refuses this explanation, stating the technology used is not powerful enough to cause these blackouts.
According to an Australian newspaper it could of even been hackers, but it is unclear if this is even possible."

Link to Original Source

+ - TweetDeck hacked, vulnerability spreads across internet->

Submitted by mpicpp
mpicpp (3454017) writes "TweetDeck, a popular Twitter app for desktops, has been hacked — because a 19-year-old computer geek in Austria wanted to use cute, little hearts.

Firo let Twitter know about the vulnerability as soon as he found it. But it was too late. Others in the hacker community noticed, and shortly thereafter, a mass TweetDeck hijacking ensued."

Link to Original Source

+ - Google's Project Ara Could Bring PC-Style Hardware Ecosystem to Phones->

Submitted by Anonymous Coward
An anonymous reader writes "Now that Google's modular phone effort, Project Ara, looks a bit less like vaporware, people are starting to figure out its implications for the future of cellphones. One fascinating possibility is that it could transform the cellphone purchasing process into something resembling desktop computer purchasing. Enthusiasts could search out the individual parts they like the best and assemble them into cellphone Voltron. People who just want a decent phone with no hassle could look at pre-built offerings — and not just from Apple, Samsung, and the like. It could open up a whole new group of phone 'manufacturers.' Of course, this comes with drawbacks, too — if you think fragmentation is bad now, imagine trying to support thousands of different hardware combinations."
Link to Original Source

+ - Password Storage Scheme Makes Cracking Individual Passwords Impossible-> 1

Submitted by Anonymous Coward
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store ( technical details). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist.

With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Link to Original Source

+ - Slashdot beta sucks 9

Submitted by Anonymous Coward
An anonymous reader writes "Maybe some of the slashdot team should start listening to its users, most of which hate the new user interface. Thanks for ruining something that wasn't broken."

+ - Programmer Debunks Source Code Shown In Movies And TV Shows

Submitted by rjmarvin
rjmarvin (3001897) writes "Someone is finally pausing TV shows and movies to figure out if the code shown on screen is accurate or not http://sdt.bz/67573. British programmer and writer John Graham-Cumming started taking screenshots of source code from movies such as "Elysium," "Swordfish" and "Doctor Who," and when it became popular turned the concept into a blog. Source Code in TV and Films http://moviecode.tumblr.com/ posts a new screenshot daily, proving that, for example, Tony Stark's first "Iron Man" suit was running code from a 1998 programmable Lego brick."

+ - Point of Sale Malware Suspect in Widening Retail Breach Scandal->

Submitted by chicksdaddy
chicksdaddy (814965) writes "Neiman Marcus became the latest, prominent U.S. retailer to admit that its network was hacked and credit card data on customers stolen. (http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/) But the story isn't over. Reuters reported on Monday that at least three other, well-known U.S. retailers took place in November and December and "were conducted using similar techniques as the one on Target." (http://mobile.reuters.com/article/idUSBREA0B01720140112?irpc=932) The common thread? Point of Sale malware like Dexter and Project Hook.

According to the Reuters report, which cited unnamed law enforcement officials and experts who were investigating the incidents, the malware used was described as a "RAM scraper," a possible reference to a feature of malware like Dexter, which uses RAM scraping to retrieve unencrypted credit card numbers from compromised point of sale systems.

The Security Ledger quotes experts from Arbor Networks who have observed a jump in Point of Sale malware with botnet like command and control features.(http://www.arbornetworks.com/asert/2013/12/happy-holidays-point-of-sale-malware-campaigns-targeting-credit-and-debit-cards/) CERT echoed those warnings in an advisory issued last week. (https://securityledger.com/2014/01/us-cert-warns-about-point-of-sale-malware/)

According to Arbor, much of the newest PoS malware uses RAM scraping to steal data before sending it out, in encrypted form, to command and control servers managed by the cyber criminal group behind the attack."

Link to Original Source

If a thing's worth having, it's worth cheating for. -- W.C. Fields

Working...