

+ - Can anyone suggest a credential escrow service? 4

Submitted by talexb
talexb (223672) writes "I have a web site client who would like to have login credentials to take over their web site in the event that I get hit by a truck (heaven forbid). I'm happy to give them this information, but I worry about unauthorized use — the well-meaning client gives them to a friend 'just to look around' and the friend does something that breaks a production web site (yes, I have backups). I'd love to have that information stored somewhere on the web, in a way that's protected and secure, yet easily available by the right person with the right passphrase."

Comment: Re:We need hardware write-protect for firmware (Score 4, Informative) 297

by alphatel (#49157979) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

What good will physical switches do if a virus is waiting for you to flip that switch to write-enable so that it can now infect the HDD firmware? Switches would be useful if you never update the firmware. In which case, eliminate the switch and make the firmware permanently read-only. My point is, we need a more secure way to update firmware.

Unless the virus is resident in BIOS (which can also be protected in the same manner), it would be impossible to be infected if you are in a power-off state, then enable your switch/jumper, power on, flash your firmware, then disable the switch/jumper after completion before booting into your OS.

In the old floppy days things were pretty much this way. Time to go back.

+ - Snowden Film 'Citizenfour' Wins Oscar for Best Documentary->

Submitted by schwit1
schwit1 (797399) writes "Citizenfour, a film chronicling the living history of Edward Snowden's unprecedented heist of U.S. government secrets, won the Academy Award for best documentary Sunday night—an unusual feat for a movie so critical of a sitting president's policies.

Directed by Laura Poitras, the political thriller captures Snowden in a claustrophobic Hong Kong hotel room in the days leading up to and after the release of the first batch of classified documents that publicly revealed the sweeping scope of the National Security Agency's mass surveillance of phone and Internet communications."


+ - Superfish Added to Windows Defender Database->

Submitted by jones_supa
jones_supa (887896) writes "Lenovo's Superfish adware placed its own security certificate on the machine and created a local man-in-the-middle attack by intercepting encrypted traffic to inject advertisements. By nature such actions are a security threat to Windows, and this is where Microsoft has stepped in. A new definition update for Windows Defender will make it detect Superfish as potentially unwanted software and cause a security alert, with the recommended action being to remove the software immediately. This will also help to protect those who were not aware of the issue or did not know how to remove the certificate. It has been noted that from Firefox the certificate has to be removed separately."

+ - Online black market 'Darkleaks' lets you trade secrets for bitcoin->

Submitted by Anonymous Coward
An anonymous reader writes "An anonymous online black market site, Darkleaks, has been discovered which facilitates whistleblowing and helps blackmailers make money from selling confidential and valuable data in exchange for Bitcoin. The decentralized black marketplace is built on blockchain technology and is available to download as a free software package, with its source code published openly on code-sharing site Github. According to a blog post introducing the site, “there is no identity, no central operator and no interaction between leaker and buyers.” This anonymity is assured through blockchain which encrypts the files released when the payment is taken by the ‘leaker’, says developer Zozan Cudi. The developers say that Darkleaks will help “stop corruption and challenge power”, but there seems to be no limit to the files sellers and buyers can trade in, freely and anonymously – “government secrets”, “celebrity sex pictures” and “military intelligence”, among other critical and highly sensitive information."

+ - Lenovo pre-installs malware injecting ads and spoofing SSL certs->

Submitted by janoc
janoc (699997) writes "Lenovo is pre-installing adware/malware called Superfish on their laptops which serves ads for products you may be browsing/shopping for, "but cheaper". Unfortunately it also breaks into SSL sessions by installing a false root certificate, allowing for potential snooping on secure sessions."

+ - Spyware Developed By NSA Resides In HDD Firmware

Submitted by Anonymous Coward
An anonymous reader writes "The Russian computer security firm Kaspersky has uncovered spyware code buried in the firmware of common hard disk drives. The spyware kit has been customized to support all major HDD brands. Most of the infections have occurred in countries that are frequent US spying targets, such as China, Iran, Pakistan and Russia. Kaspersky declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it. Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001."

Comment: Re:This sounds vaguely familiar ... (Score 1) 215

by alphatel (#49037271) Attached to: Russia Seeking To Ban Tor, VPNs and Other Anonymizing Tools

Obama believes Silicon Valley companies also want to solve the problem. “They’re patriots.” ...

A patriot is "a person who vigorously supports their country and is prepared to defend it against enemies or detractors." Corporations run to whatever country will shelter them. They have no allegiance unless it empowers them financially or otherwise.

Snowden would qualify as a better patriot than any corporation since he is 1) a person (and not in the deluded SCOTUS sense either), and 2) he is prepared to defend it against ITSELF. The setback for him is his country will not let him back without sitting in a jail cell for the remainder of his life.

Comment: Re:Nobody should trust these scammers (Score 1) 80

by alphatel (#48894135) Attached to: Winklevoss Twins Plan Regulated Bitcoin Exchange
This major change in the investment possibilities has sent shockwaves through the BTC community. The price change in the past month has been so dramatic as to herald a new world order for those who depend on it for their fidelity and fu...

Oh wait, I was looking at an oil chart. n/m
