Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

+ - New Microsoft iOS and Android Outlook Apps cache your email and credentials->

Submitted by Anonymous Coward
An anonymous reader writes "New Microsoft Outlook Apps cache your credentials and *temporarily* store all incoming and outgoing mail. Outside of the obvious corporate security concerns, even for those outside the US, this mean sends and stores all your mail and passwords on US servers even if you are connecting to a private exchange server."
Link to Original Source

Comment: Re:Umm..and telnet is insecure. (Score 1) 367

by Burz (#48938111) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Qubes handles video playback just fine even at FHD (although within a frame, to show security context).

The MS Office website says Excel requires DirectX "for acceleration". IOW, it runs without acceleration if DirectX hardware is not available. Its not something I really notice, given that Excel mainly deals with text on a grid.

If you really need 3D, Qubes can handle it as long as you supply an additional GPU that behaves well with an IOMMU, such as an Nvidia Quadro. Otherwise, you have to wait for ITL to incorporate GPU virtualization into the Qubes codebase... but virtual GPU tech has only been demonstrated by GPU vendors very recently.

Granted, 3D is an important feature in PCs today, but the inability to /safely/ incorporate it thus far highlights the kind of negligence that has held sway in the computer industry.

You'll have more luck 3D-wise with a Hyper-V server combined with Windows new RemoteFX technology. I know that this is unpopular option, and if anyone can set me straight on hypervisors and 3D for Windows guests not running on Windows hypervisors, please do. I've researched KVM, LXD, Jailhouse, or ESX, and of those, only ESX has experimental Windows 3D guest support.

Most hypervisors are designed for the convenience of users and sysadmins to either run another OS, or better manage server resources... Securing desktop PC features is secondary at best with them.

+ - New Snowden Revelation: GCHQ/NSA 'Manipulate, Deceive And Destroy Reputations'

Submitted by Press2ToContinue
Press2ToContinue (2424598) writes "Extracted from the recent Snowden cache, Glenn Greenwald at NBC News has posted a GCHQ presentation demonstrating how the NSA incubated a covert "dirty tricks" group known as JTRIG — the Joint Threat Research Intelligence Group. The purpose of JTRIG is to infiltrate groups online and destroys people's reputations — going far beyond terrorist threats to national security.

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums.

NSA and GCHQ were self-described "signals intelligence" agencies, supposedly merely understanding and decoding signals, without taking offensive action. The Snowden docs have now revealed that the mandate of these organizations swings to the offensive, and they actively employ tactics which destroy people's lives to meet their own agendas.

Is this really a power you want to trust — a secretive government agency without any accountable oversight?"

+ - Source Code Similarities: Experts Unmask 'Regin' Trojan as NSA Tool->

Submitted by turkeydance
turkeydance (1266624) writes "The new analysis provides clear proof that Regin is in fact the cyber-attack platform belonging to the Five Eyes alliance, which includes the US, Britain, Canada, Australia and New Zealand. Neither Kaspersky nor Symantec commented directly on the likely creator of Regin. But there can be little room left for doubt regarding the malware's origin.

Link to Original Source

Microsoft To Invest In Rogue Android Startup Cyanogen 194

Posted by samzenpus
from the have-a-pile-of-money dept.
An anonymous reader writes The Wall Street Journal reports that Microsoft plans to be a minority investor in a roughly $70 million round of equity financing for mobile startup Cyanogen Inc. Neither company is commenting on the plan but last week during a talk in San Francisco, Cyanogen's CEO said the company's goal was to "take Android away from Google." According to Bloomberg: "The talks illustrate how Microsoft is trying to get its applications and services on rival operating systems, which has been a tenet of Chief Executive Officer Satya Nadella. Microsoft has in the past complained that Google Inc., which manages Android, has blocked its programs from the operating system."
The Internet

Eric Schmidt: Our Perception of the Internet Will Fade 228

Posted by Soulskill
from the augmenting-our-reality dept.
Esra Erimez writes: Google executive chairman Eric Schmidt on Thursday predicted a change in how we perceive the internet. Schmidt says, "There will be so many IP addresses, so many devices, sensors, things that you are wearing, things that you are interacting with that you won't even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room."

Doomsday Clock Could Move 145

Posted by samzenpus
from the closer-to-midnight dept.
Lasrick writes The ominous minute hand of the 'Doomsday Clock' has been fixed at 5 minutes to midnight for the past three years. But it could move tomorrow. The clock is a visual metaphor that was created nearly 70 years ago by The Bulletin of the Atomic Scientists, whose Board of Governors boasts 18 Nobel laureates. Each year, the Bulletin's Science and Security Board assesses threats to humanity — with special attention to nuclear warheads and climate change — to decide whether the Doomsday Clock needs an adjustment. The event will be streamed live from the Bulletin's website at 11 am EST.

Comment: Re:Want one, with signature checking (Score 1) 229

by Burz (#48869763) Attached to: Librem: a Laptop Custom-Made For Free/Libre Software

But using my signature.

I want secure boot from beginning to desktop, with the knowledge that the NSA has not dicked with my computer beyond its initial state.

They are looking into it...

The Qubes OS community is interested in this laptop, but without a TPM chip Qubes' AEM firmware guarding feature won't work on the Librem. So they are looking at accommodating us in another way by employing some kind of user-generated cert to protect the system firmware.

Purism did, however, switch their CPU to an i7-770HQ (along with HM87 chipset) specifically to satisfy Qubes' requirement for I/O virtualization. Pending proper support in Coreboot, Qubes should run and provide great protection from remote exploits on the Librem.


SystemD Gains New Networking Features 553

Posted by samzenpus
from the making-things-better dept.
jones_supa writes A lot of development work is happening on systemd with just the recent couple of weeks seeing over 200 commits. With the most recent work that has landed, the networkd component has been improved with new features. Among the additions are IP forwarding and masquerading support (patch). This is the minimal support needed and these settings get turned on by default for container network interfaces. Also added was minimal firewall manipulation helpers for systemd's networkd. The firewall manipulation helpers (patch) are used for establishing NAT rules. This support in systemd is provided by libiptc, the library used for communicating with the Linux kernel's Netfilter and changing iptables firewall rulesets. Those wishing to follow systemd development on a daily basis and see what is actually happening under the hood, can keep tabs via the systemd Git viewer.

Say "twenty-three-skiddoo" to logout.