Submission + - Microsoft Invests $1 Billion In 'Holistic' Security Strategy

ancientribe writes: Microsoft over the past year has invested $1 billion in security and doubled its number of security executives, the company's CISO Bret Arsenault told Dark Reading. CEO Satya Nadella today officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security across its products and services. Microsoft execs rarely detail the company's strategy so publicly, so that in itself underlines how security is a major element in its strategy.

Submission + - State Trooper Cars Hacked

ancientribe writes: Two models of Virginia State Police cruisers were hacked in an experiment to expose vulnerabilities in the vehicles and to come up with ways to protect the cars from hackers. Mitre, the Virginia Dept. of Motor Vehicles, the University of Virginia, and other organizations in cooperation with DHS and the DOT demonstrated the attacks on an unmarked 2012 Chevrolet Impala and a marked patrol car, a 2013 Ford Taurus. GM and Ford even provided their comments to the press in the wake of the experiment.

Submission + - Jeep Hackers Plotting Next Hack

ancientribe writes: Famed car hackers Chris Valasek and Charlie Miller are mulling their next big car hack after their "monumental" demonstration of how they could remotely control the accelerator (and other elements) of a Jeep Cherokee on the highway, according to Valasek, who grew up in a town called Ford City. Really.

Submission + - Underwriters Laboratories To Launch Cybersecurity Certification for IoT

ancientribe writes: Coming soon: an Underwriters Laboratories cybersecurity certification for Internet of Things products. The UL is putting the final touches on its own testing and certification program for these consumer products, a UL official told Dark Reading. The organization is also involved with a White House initiative to promote such security certification standards for Internet-connected consumer devices.

Submission + - 'Bar Mitzvah Attack' Plagues SSL/TLS Encryption

ancientribe writes: Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore.

Submission + - Hackin' At The Car Wash, (Yeah)

PLAR writes: Those LaserWash automatic car washes can be easily hacked via the Internet to get a free car wash or to manipulate the machines that clean the cars, a security researcher has found. Billy Rios says these car washes have web interfaces with weak/default passwords that, if obtained, could allow an attacker to telnet in and use an HTTP GET request to control the machines. And this very likely isn't the only car wash brand that's vulnerable, according to Rios.

Submission + - Forget Stuxnet: Banking Trojans Attacking Power Plants

PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

Submission + - The World's Most Hackable Cars

ancientribe writes: If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.

Submission + - Website Hacks Dropped During World Cup Final

PLAR writes: In case you were wondering: cyber criminals apparently care about who wins the World Cup. Researchers at Imperva studied attack data during the World Cup quarterfinal, semifinal and final matches, and found some interesting stats. Attackers upped their attacks during the quarters and semis — especially during that horrendous match when Germany routed Brazil — and hardly did any hacking during the final.

Submission + - 6 Things That Stink About SSL

ancientribe writes: We all have a love-hate relationship with SSL. Dark Reading recaps some of the real problems with Secure Sockets Layer implementations today, illustrated with some clever cartoons.

Submission + - Red Team, Blue Team: The Only Woman On The Team

ancientribe writes: Cyber security pro Kerstyn Clover in this Dark Reading post shares some rare insight into what it's like to be a woman in the field. She ultimately found her way to her current post as a member of the incident response and forensics team at SecureState, despite the common societal hurdles women face today in the STEM field: "I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome," she writes.

Submission + - How Snowden Did It

ancientribe writes: Key clues are emerging that provide a clearer picture of how Edward Snowden may have pulled off the most epic insider leak in history. Security firm Venafi says it has figured out how it all went down: Snowden fabricated SSH keys and self-signed digital certificates to access and ultimately steal the NSA documents, Venafi has concluded based on public information on the breach and their analysis. Venafi is also publicly challenging the NSA and Snowden to prove its conclusion wrong.

Submission + - DDoS Attack Used 'Headless' Browsers In 150-Hour Siege

ancientribe writes: It sounds like a Halloween horror flick, but it's actually a real case of a rare form of a distributed denial-of-service attack (DDoS). The attackers pummeled a trading platform's website this past week in an attack that went on for a whopping 150 hours using a malicious version of a stripped-down browser simulation tool (aka Phantom JS, a headless browser), a tool for website developers to test apps and website loads. Marc Gaffan, co-founder of Incapsula, which fought the attack for the victim (its customer), says: "No one has 180,000 IPs at their disposal unless it's an amalgamation of separate botnets they are using interchangeably. This was a sophisticated and thought-out process."

Submission + - Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative

An anonymous reader writes: Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework.

Submission + - Consumer Device Hacking Getting Lost In Translation

ancientribe writes: Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy.
