Submission + - Exploit Vendor Publishes Prices for Zero-Day Vulnerabilities

An anonymous reader writes: A shady exploit vendor published a price list for the zero-day bugs it's willing to buy. The highest paid bugs are for remote jailbreaks for iOS. Second is Android and Windows Phone. Third there are remote code execution bugs for Chrome, Flash, and Adobe's PDF Reader. This is the same company that just paid $1 million to a hacker for the first iOS 9 jailbreak.

Submission + - Leaked NSA doc reveals 'sheer luck' needed to find useful info in sea of data

schwit1 writes: The NSA didn’t know it was already sitting on a “goldmine” of data on one of its targets until one of its analysts discovered it by “sheer luck,” according to an internal newsletter entry leaked by Edward Snowden.

The article, dated March 23, 2011, was written by a signals development analyst in SIDtoday, an NSA in-house newsletter. He explains how he discovered the contact and personal information for over 10,000 people, as well as some 900 account login details, after “a ton of hard work,” according to reports from The Intercept and teleSUR.

“By sheer luck, (and a ton of hard work) I discovered an important new access to an existing target and am working with TAO to leverage a new mission capability,” the analyst wrote to colleagues. TAO refers to Tailored Access Operations, an NSA hacking team which had collected the 900 usernames and passcodes.

The “existing target” was Petróleos de Venezuela, a Venezuelan state oil company also referred to as PDVSA.

Submission + - Compromised CCTV and NAS Devices Found Participating in DDoS Attacks

chicksdaddy writes: The parade of horribles continues on the Internet of Things, with a report from the security firm Incapsula that its researchers discovered compromised closed circuit cameras as well as home network attached storage (NAS) devices participating in denial of service attacks. The compromised machines included a CCTV at a local mall, just a couple of minutes from the Incapsula headquarters, The Security Ledger reports.

According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a “rarely-used asset” at a “large cloud service.” The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server.

The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints. The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called “brute force dictionary attacks” (aka “password guessing”). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.

Forensic evidence suggests that the cameras may have been accessed from multiple locations, suggesting multiple different attackers using the same infrastructure.

And closed circuit cameras aren’t the only connected devices taking part in denial of service attacks, either. Incapsula said that it is also investigating DDoS traffic linked to compromised network attached storage (NAS) devices. There again: default admin credentials are likely the cause of the initial compromises.

Submission + - Your Junk Mail Shows if You're Rich or Poor

writes: Recently, MIT economists Hong Ru and Antoinette Schoar analyzed over a million credit card mailings collected by Mintel, a company that pays people to read their junk mail. The economists scanned the terms of these offers and noted the income and education levels of recipients. Now Jeff Guo writes in the Washington Post that if you want to know what credit card companies think of you, look at the junk mail you receive from credit card companies. Are you “pre-screened” for lots of mileage-reward cards? Banks think you’re rich and educated. Do you mostly see offers for low-APR teaser rates? Banks think you’re poor and uneducated — and, perhaps, vulnerable to financial traps.

Cards with travel rewards epitomize the kind of product aimed at the rich and educated. It’s a fairly exclusive niche — only about 8 percent of credit card offers fall into this category. People in this demographic are the most likely to jet around, and therefore most likely to appreciate a card that will earn them frequent-flier miles. In contrast, the card offers sent to poorer, less-educated people were often loaded with risky features: low introductory APRs, high late fees, and penalty interest rates that kick in if you break the rules. Ru and Schoar believe that the system is tuned precisely to take advantage of those who make financial mistakes. "Backward loaded credit card features with high late fees can only be optimal [for companies] if customers do not understand their actual cost of credit," they write, using a term to describe arrangements that offer low upfront fees but higher penalty fees.

Comment Enovia Synchronicity (Score 1) 325

The DesignSync and ProjectSync components of Dassault Systèmes Enovia Synchronicity will do almost all of what you ask, including versioning of text/binary files, Windows client software, web based interface, integration with its bug tracking system or its customizable process flows such as reviews/approvals, customizable data sets, triggers, scripts, email alerts etc., and excellent documentation to boot. Probably the only piece of software I have seen that does it all. Just a happy user for the last 10 years.

Comment Re: That's the usual problem with any radar system. (Score 2) 122

It is correct that a pseudo random sequence (either LiDAR or Radar or SONAR) can offset this to some extent. I imagine the receiver already has some kind of heterodyning (synchronous mixing or counting) to detect the ranging delays in a continuous stream of uniform pulses. I also imagine the hack used here uses a synchronous emission, i.e. detects the incoming pulse and emits a suitably phased identical pulse in the next cycles that would seem to be coming from a nearby obstacle with a lesser delay. A pseudo random sequence can counter such a synchronous emission since the attacker has no way of knowing the delay of the next pulse in respect to the currently received one. The synchronous emission essentially should show up as background noise.
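
To illustrate the countermeasure this comment describes, here is an added simulation (not written by the comment author; the time units, period, jitter range, bin size and the "consistent across pulses" acceptance rule are assumptions): a ranging sensor that only trusts a return seen on most pulses, against a spoofer that fires phased to where it predicts the next pulse. With a uniform period the spoofed close return is accepted; with pseudo-random spacing the spoofed delays scatter across bins like noise and only the real obstacle survives.

```python
import bisect
import random
from collections import Counter

T = 1000.0   # nominal pulse period (arbitrary time units); assumed value
BIN = 5.0    # quantisation of measured delay for the range histogram

def emission_times(n, jitter=0.0, seed=1):
    """Pulse schedule: period T plus a seeded pseudo-random offset in
    [-jitter, +jitter] that only the sensor knows (jitter=0 -> uniform)."""
    rng = random.Random(seed)
    times, t = [], 0.0
    for _ in range(n):
        times.append(t)
        t += T + (rng.uniform(-jitter, jitter) if jitter else 0.0)
    return times

def received_pulses(emits, real_delay, fake_delay):
    """Arrivals at the sensor. Each pulse echoes off the real obstacle after
    real_delay. The synchronous spoofer from the comment detects pulse k and
    fires so its copy arrives fake_delay after where it predicts pulse k+1,
    i.e. at t_k + T; propagation time to the spoofer is ignored (assumption)."""
    rx = [t + real_delay for t in emits]
    rx += [t + T + fake_delay for t in emits[:-1]]
    return sorted(rx)

def detected_obstacle(emits, rx, min_frac=0.5):
    """Sensor side: attribute each arrival to the latest emission before it,
    histogram the delays, and report the nearest delay bin that shows up on
    at least min_frac of the pulses (a stray return is not an obstacle)."""
    hist = Counter()
    for arrival in rx:
        i = bisect.bisect_right(emits, arrival) - 1
        if i >= 0:
            hist[round((arrival - emits[i]) / BIN) * BIN] += 1
    consistent = [d for d, c in hist.items() if c >= min_frac * len(emits)]
    return min(consistent) if consistent else None

def run(jitter, n=200, real_delay=400.0, fake_delay=80.0):
    """Delay the sensor reports for the nearest consistent obstacle."""
    emits = emission_times(n, jitter)
    return detected_obstacle(emits, received_pulses(emits, real_delay, fake_delay))

if __name__ == "__main__":
    print("uniform period :", run(jitter=0.0))    # 80.0: spoofed return accepted
    print("pseudo-random  :", run(jitter=60.0))   # 400.0: only the real echo survives
```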

Submission + - Net Neutrality Developments In India

asvravi writes: People of India are up in arms to save their internet. The Telecom Regulatory Authority of India (TRAI) has put out a public consultation paper on regulations for net neutrality that is 118 pages long and reads like a corporate shill, favoring the big telecom. One month is given for public comment before it becomes regulation. The biggest private telecom company Airtel has introduced a special scheme which seeks to price data differently depending on which sites are being accessed. The nation is up in arms on the social media against these developments that threaten the future of net neutrality. TRAI received more than 12000 emails in a single day criticizing its actions, while the Indian telecom minister too received thousands of emails in a few hours. People started giving 0-star ratings en masse on App stores to apps of e-commerce sites that signed up for Airtel's plan, forcing them to cancel their plans. Yet others have managed to come up with a short summary of the 118 page consultation paper to make it readable and spur public opinion against it. Right To Information (RTI) applications are being filed to find out the process by which TRAI arrived at the biased proposal. Websites have sprung up — some serious ones calling people to arms, while yet others add in a fun element to educate the common man about the seriousness of the situation. Here is a video call-to-arms that has gone viral.

Submission + - German Airbus A320 plane crashes in French Alps

schwit1 writes: Germanwings A320 aircraft flying from Barcelona to Düsseldorf goes down in southern French Alps with 148 on board

A distress call was made by the aircraft at 10.47am, while the plane was “in an abnormal situation”, the French transport ministry said. The crash happened shortly afterwards, it added. The aircraft disappeared off the radar at around 11.20am, Le Figaro reported. The plane dropped from 11,500 metres to 2,100 metres (38,000ft to 6,925ft) in nine minutes between 10.31am and 10.40am, air radar services said. The distress call to air traffic control in Marseilles was “mayday, mayday, mayday” and the pilot requested an emergency descent, meaning all air space had to be cleared below the route of the aircraft.

Submission + - Indian Supreme Court strikes down Sec 66A of IT Act

CalcuttaWala writes: The Supreme Court of India struck down as illegal Section 66A of the Information Technology Act, which was used by many government agencies to arrest people who used social media to voice opinions against powerful politicians and business leaders. This will allow many people to exercise their freedom of expression on the Internet.
