Security

Submission + - Former Anon spokesperson indicted for allegedly linking to stolen information (arstechnica.com)

SternisheFan writes: On Friday, a federal grand jury in Dallas indicted Barrett Brown, a former self-proclaimed Anonymous spokesperson, for trafficking “stolen authentication features,” as well as "access device fraud" and “aggravated identity theft.” Brown has been detained since he was arrested in September for allegedly threatening a federal agent. 10 counts of the 12 count indictment concern the aggravated identity theft charge (the indictment references 10 people from whom Brown is alleged to have stolen information), but the most interesting charge is probably the first; a single count saying Brown, “did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority.” But rather than a physical back-alley hand-off, this alleged trafficking happened online when Barrett transferred a hyperlink, “from the Internet Relay Chat (IRC) channel called '#Anonops' to an IRC channel under Brown's control, called '#ProjectPM.'” That hyperlink happened to include over 5,000 credit card numbers, associating Ids, and Card Verification Values (CVVs) from the Stratfor Global Intelligence database.
Android

Submission + - Best Anti-Malware Scanner For Android Devices

SternisheFan writes: "by Adrian Kingsley-Hughes, Forbes:
  "What’s the best anti-malware scanner for Android devices?"
      I have both an Android smartphone and a tablet. The best place to go for impartial information about anti-malware scanners — called anti-virus scanners back in the day — is AV-TEST.org. This organization puts scanners through their paces and sorts the wheat from the chaff. According to a test of 41 different scanners carried out back in March 2012, products from the following companies had detection rates of 90% and above. In AV-TEST’s own words, “users of products made by these companies can be assured that they are protected against malware.”
      Avast, Dr. Web, F-Secure, Ikarus, Kaspersky, Lookout, McAfee, MYAndroid Protection/MYMobile Security, NQ Mobile/NetQin, Zoner (tablet version).
    Of this group, the one I like best is... (see article)"
Security

Submission + - Pakistan to cut phone services to prevent Muharram attacks Asso (indianexpress.com)

SternisheFan writes: Pakistan's interior minister Friday said the government will suspend cell phone services in most parts of the country over the next two days to prevent attacks against Shia Muslims during a key religious commemoration. Militants often detonate bombs using cell phones and this is the first time the government has implemented such a wide-scale suspension. Saturday and Sunday are the most important days of Muharram, the first month of the Islamic calendar, especially important to Shias. Pakistani Shias Sunday observe Ashoura, commemorating the 7th century death of Imam Hussein, the Prophet Muhammad’s grandson. Different parts of the Muslim world mark Ashoura on different days —neighbouring Afghanistan, for example, observes it on Saturday. “The suspension of cell phone services will begin at 6 am Saturday and run through the next day,” Interior Minister Rehman Malik told reporters in Pakistan’s capital, Islamabad. He said 90 per cent of the bombs set off by militants in Pakistan have been detonated using cell phones. Some criticized the government for suspending services, saying it was a huge inconvenience.
Security

Submission + - Why Congress Hacked Up a Bill to Stop Hackers (businessweek.com)

SternisheFan writes: On March 7, 2012, the Obama administration staged a mock cyberattack on the U.S. In a classified briefing for senators in the Capitol, FBI Director Robert Mueller, Department of Homeland Security Secretary Janet Napolitano, and other officials imagined a shutdown of New York City’s power grid that resulted in scores of deaths and billions of dollars in losses. Think Hurricane Sandy’s blackouts, only spread to all of Manhattan and the boroughs. At the time, lawmakers were fighting over an administration-backed bill that would require the computer systems that control utilities, chemical plants, oil pipelines, and other “critical infrastructure” to be hardened against sabotage by hackers and foreign spies. Under the bill, the government would also share secret information about digital espionage with corporations that store sensitive data, helping them to protect against China and other governments that target U.S. industrial research and financial records. The U.S. is ill-equipped to cope with an Internet assault on the computers that undergird much of the economy, and no federal agency has the authority to compel companies to protect themselves. The bill, called the Cybersecurity Act of 2012, was intended to fix that—and the White House believed the mock attack would underscore its urgency.
    Several senators said they were rattled by the presentation, according to a White House official who was there. Others dismissed it as hype. Either way, it wasn’t enough to close the deal. After a long summer of tense negotiations, the bill died in August. Republicans rejected it as a government power grab that would create another intrusive federal bureaucracy. Corporate and power-industry lobbyists argued it would cost businesses billions to meet the new standards, with no assurance that they’d be effective. Even Democrats who supported the bill privately conceded it couldn’t specify exactly what the regulations would require and how much they would cost. “Based on my experience, very few people on the Hill get this,” says Shawn Henry, who stepped down as executive assistant director of the FBI in April. “You can’t see it, touch it, or taste it, so it’s somehow not real.”

NASA

Submission + - NASA Says Staff Information Was on Stolen Laptop (nytimes.com)

SternisheFan writes: By NICOLE PERLROTH, New York Times:
    NASA told its staff this week that a laptop containing sensitive personal information for a large number of employees and contractors was stolen two weeks ago from a locked vehicle. Although the laptop was password protected, the information had not been encrypted, which could give skilled hackers full access to the contents. In its notice to employees on Tuesday, the agency said:
  "On Oct. 31, 2012, a NASA laptop and official NASA documents issued to a headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information for a large number of NASA employees, contractors and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident and taking every possible action to mitigate the risk of harm or inconvenience to affected employees."
    This is not the first time NASA has suffered a serious breach. The agency has long been a target for cybercriminals looking to pilfer sensitive research. In 2004, computers at several NASA sites, including its Jet Propulsion Laboratory in Pasadena, Calif., were breached. And as recently as March, the company reported a breach that was also caused by a stolen laptop. Given its history, it is unclear why the agency has not stepped up its security practices. Beth Dickey, a NASA spokeswoman, said that in this most recent case, the employee’s laptop had been for a security upgrade.
“The laptop was scheduled to receive encryption, as part of an ongoing, agency-wide effort to encrypt whole disks of all NASA computers,” Ms. Dickey said. “This one just hadn’t been done yet.”
    NASA has said it plans to have all of its laptops running whole-disk encryption software by Dec. 21.

Security

Submission + - Data thieves target debit cards, PINs at point of sale (usatoday.com)

SternisheFan writes: Using brash ingenuity, criminals out to steal your personal data are tampering with the checkout machines in department stores, supermarkets, gas stations and even your doctors' office. Their prime target: your debit card account number and personal identification number. Thieves use ruses, such as posing as repairmen to alter and corrupt payment terminals —installing skimmers and storage devices that capture account numbers from the magnetic strip on a card as well as the PIN numbers the customer keys in. "Technology is making it easier for criminals to develop smaller, more effective skimming devices," says Dale Dabbs, CEO of identity theft protection at consultancy McGladrey. Barnes & Noble recently disclosed that data thieves got away with installing corrupted checkout terminals in 63 bookstores in nine states. The case is under investigation, and the company has not said how many customers were affected.
IOS

Submission + - iPhone Uber-Hacker Comex Is Out At Apple (forbes.com)

SternisheFan writes: "Apple’s brief experiment in employing one of the most brilliant hackers to ever vivisect its machines seems to be over. On Thursday the legendary iPhone hacker Comex, who I identified last year as 20-year old Brown University student Nicholas Allegra, wrote on Twitter that after a year as an intern for the company whose products he once expertly deconstructed, his time at Apple has abruptly ended. “So no point in delaying,” he wrote. “As of last week, after about a year, I’m no longer associated with Apple.” “As for why?” he added in another tweet. “Because I forgot to reply to an email.”
    When I followed up with Allegra in a phone call, he explained that the email he forgot to answer was an offer to continue his employment at Apple as a remote intern. At Apple, apparently, offer letters are taken rather seriously, and Allegra soon learned that his had been rescinded. “I wasn’t too happy about it but it didn’t seem like I was able to fix it,” he says. “So that’s what it is.” Allegra added that his departure from Apple was more complicated than just a forgotten email, and that “it wasn’t a bad ending,” but declined to say more. He also wouldn’t say what he worked on during his two internships at Apple–one in the fall of last year and one over the past summer–but he said he enjoyed his time in Cupertino. Under the handle Comex, Allegra rose to hacker fame building “jailbreaking” tools for iPhones and iPads like Jailbreakme 2 and Jailbreakme 3, which allowed users to remove the restrictions on iOS devices that limit them to downloads only from Apple’s official app store. Both tools entirely defeated iOS’s strict security measures–perhaps the strongest of any consumer operating system–when users simply visited a website, grabbing the attention of the security community and attracting millions of visitors eager to liberate their phones.
    Story by Andy Greenberg, Forbes.com"

Android

Submission + - Ask Slashdot: How can I protect my Android devices from hackers?

SternisheFan writes: "My android phone (an unrooted OptimusV running 2.2.2) and my android tablet (Arnova 7g3 running 4.1) have been subjected to hacking via either 'forced bluetooth attack' and through the Wi-Fi signals in the home where I currently rent a room. I got an android phone at the start of this year after my 'feature phone' was force bluetooth hacked hoping for better security, yet I still have major security issues. For instance, my Optimus's Wi-fi again shows an error, although I am sure that a hack is causing this since when I reset the device when it's out of range from this home's signal the Wi-fi works fine. And now the tablet recently can't access this home's open Wi-fi, though it works fine when at other outside 'hot-spots'.
    So, my question is: Are there any good (free?) security apps out there that would actually prevent this from occurring? This has been a real issue for so long now, and it's not like I'm doing nefarious things on the internet, I just want to keep it private. I would greatly appreciate any help from the Slashdot community, thanks. "SternisheFan""
Security

Submission + - Smartphone Mugging Is More Popular Than Ever (gizmodo.com)

SternisheFan writes: "By Eric Limer: When you get a flashy, fancy new phone, of course you're going to want to use it, but you better be careful how and where; new reports show smartphone theft is getting super popular. You might say this is a good reason to keep it in your pants. The problem is most prevalent, and getting worse the fastest, in urban areas. The Associated Press reports that smartphone robberies now account for nearly half of all robberies in San Francisco, as well as an impressive 40 percent here in New York City. And the numbers aren't just high, they're getting higher fast. In Los Angeles, smartphone robberies are up 27 percent from last year, with no signs of slowing down. The thefts come in all varieties as well. Victims have reported having their phones—iPhones in particular (surprise!)—yanked out of their hands while talking, snatched just as public transit reaches a stop, or even taken at gunpoint. Gunpoint. There are all kinds of plans to combat the problem by requiring license to sell second hand phones, or start a national stolen phone database, but the best defense is to just be smart. Don't flash that thing around when you can avoid it and hold on tight. And it won't keep it from getting stolen, but back that sucker up just in case; it'll soften the blow. Whatever you do, be careful. That's a lot of money in your pocket."
Iphone

Submission + - iPhone Uber-Hacker Comex Is Out At Apple (forbes.com)

SternisheFan writes: "Apple’s brief experiment in employing one of the most brilliant hackers to ever vivisect its machines seems to be over.
        On Thursday the legendary iPhone hacker Comex, who I identified last year as 20-year old Brown University student Nicholas Allegra, wrote on Twitter that after a year as an intern for the company whose products he once expertly deconstructed, his time at Apple has abruptly ended. “So no point in delaying,” he wrote. “As of last week, after about a year, I’m no longer associated with Apple.” “As for why?” he added in another tweet. “Because I forgot to reply to an email.” When I followed up with Allegra in a phone call, he explained that the email he forgot to answer was an offer to continue his employment at Apple as a remote intern. At Apple, apparently, offer letters are taken rather seriously, and Allegra soon learned that his had been rescinded. “I wasn’t too happy about it, but it didn’t seem like I was able to fix it,” he says. “So that’s what it is.” Allegra added that his departure from Apple was more complicated than just a forgotten email, and that “it wasn’t a bad ending,” but declined to say more.
    Under the handle Comex, Allegra rose to hacker fame building “jailbreaking” tools for iPhones and iPads like Jailbreakme 2 and Jailbreakme 3, which allowed users to remove the restrictions on iOS devices that limit them to downloads only from Apple’s official app store. Both tools entirely defeated iOS’s strict security measures–perhaps the strongest of any consumer operating system–when users simply visited a website, grabbing the attention of the security community and attracting millions of visitors eager to liberate their phones. (Linked story by Andy Greenberg, Forbes staff)"

Operating Systems

Submission + - Kaspersky Lab Developing 'Secure' Operating System Antivirus software maker K (pcmag.com)

SternisheFan writes: "By Stephanie Mlot, PCMag: Antivirus software maker Kaspersky Lab is taking a stab at protecting the world's critical infrastructure, by developing its own secure operating system. The Kaspersky OS is aimed at protecting key information systems used in industry and infrastructure, like nuclear power stations, transportation control facilities, telecommunications systems, and other "critically important" installations, Eugene Kaspersky said in a blog post. Rumors of the lab's project have already surfaced, "so I guess it's time to lift the curtain (a little) on our secret project," Kaspersky wrote.
    The KL OS is "highly tailored, developed for solving a specific narrow task," Kaspersky said. It won't be used "for playing Half-Life on, editing your vacation videos, or blathering on social media." Kaspersky insisted that the effort will not allow attackers to carry out "any behind-the-scenes, undeclared activity," which has helped hackers infiltrate local systems. He pointed to one incident in Australia whereby a disgruntled hacker managed to flood an area of Queensland with sewage after a sewage firm had declined to hire him, but it took officials months to work out what had happened. "This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable," Kaspersky wrote."

Security

Submission + - U.S. Suspects Iran Was Behind a Wave of Cyberattacks (nytimes.com)

SternisheFan writes: "N.Y. Times: WASHINGTON - American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a "cyber-Pearl Harbor." After Mr. Panetta's remarks on Thursday night, American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace. Among American officials, suspicion has focused on the "cybercorps" that Iran's military created in 2011 - partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz - though there is no hard evidence that the attacks were sanctioned by the Iranian government. The attacks emanating from Iran have inflicted only modest damage. Iran's cyberwarfare capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies."
Android

Submission + - Google Play Soon to Scan Android Apps for Malware (hothardware.com)

SternisheFan writes: "Google Play is about to become a safer place to download apps. It sounds weird to say that after all this time, but it's not terribly uncommon to find malware laying in wait --just ask the 80,000+ users who downloaded a fake copy of Bad Piggies. With the latest update to Google Play, it's been discovered that Google has introduced a built-in malware scanner. The folks at Android Police tore apart the APK update to 3.9.16 and here's the code they uncovered: App Check "Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security." Installing this app may harm your device Installation has been blocked Google recommends that you do not install this app. To protect you, Google has blocked the installation of this app. App name: "%s" I understand that this app may be dangerous. Verify apps? The "App Check" portion allows Google to examine apps you've already downloaded, while a blocker function will issue a warning if an app looks shady. For people who don't want Google to scan for malware, there will be an option to turn it off. However, all this scanning goodness won't be rolled out immediately. "Our examination of the new code in Google Play suggests that the company is building an API framework for virus-scanning in the future, and that the functionality will not be available until at least API level 17 (which will be supported in the version of the Android operating system after Android 4.1 (Jelly bean)," security firm Sophos stated in a blog post. In the meantime, there are numerous free antivirus scanners available in Google Play, including one from Sophos."
Iphone

Submission + - iPhone hacker dream team edges closer to iOS6 jailbreak (computerworld.com)

SternisheFan writes: "A trio known for their prowess in hacking Apple's iPhone software indicated on Thursday they may be edging closer to breaking the improved security measures in iOS 6. The hackers, who spoke at the Hack in the Box security conference in Kuala Lumpur, are famous for "jailbreaking" the iPhone's software, the term for using combinations of exploits to allow the installation of unauthorized software. Apple dislikes the practice, which is legal in the U.S. but can void warranties for modified devices. The release of a new jailbreak is highly anticipated among the select group of iPhone users who resent the company's careful gatekeeping of applications it allows in its App Store.
    But the process for creating a jailbreak has become much more difficult with each iteration of Apple's iPhone software, and many of the old tricks used to create jailbreak software in the past simply don't work anymore. French hacker Cyril, known by his Twitter handle "@pod2g," admitted that iOS6 so far has him stumped. "At the moment, I'm kind of stuck ... but it could change in a week," said Cyril. "It's luck, I think." It's more than luck: creating a jailbreak is a highly technical, skillful process, and one that requires hours and hours of testing. Cyril spoke on the panel with David "@planetbeing" Wang and another famed broad-shouldered hacker who goes by pseudonym "@Musclenerd" on Twitter."

Security

Submission + - Hacker cracks 4 million hotel locks with 'James Bond Dry Erase Marker' (dailymail.co.uk)

SternisheFan writes: "This new hacker invention may look like a harmless dry erase marker, but in truth it's the ultimate electronic lock pick. In a post titled 'James Bond's Dry Erase Marker,' hotel hacker Matthew Jakubowski demonstrates how anyone can build this pocket-sized device which will open the lock on an estimated 4 million hotel rooms. 'I guess we wanted to show that this sort of attack can happen with a very small concealable device,' Matthew Jakubowski, a security researcher with Trustwave, told Forbes. 'Someone using this could be searched and even then it wouldn't be obvious that this isn't just a pen.'
    The device exploits a vulnerability in Onity locks, a cheap lock used on millions of hotel room doors. Onity's site boasts their locks are used in 22,000 hotels worldwide.
    The lock has a small port on its bottom designed for hotels to set master keys. Hacker Cody Brocious discovered you could read the lock's memory through this port, including a decryption key. Brocious demonstrated a large, unwieldy device that could open a small percentage of locks this July at the Black Hat security conference.
    Onity responded with a way to patch the weakness in August, but the fix required hotels to make costly hardware repairs to millions of locks as well as pay for a more secure version. Security experts believe the expense has likely left a huge percentage of hotel rooms with the easily cracked model. Jakubowski's refined version can pop most locks in a fraction of a second."
