
Submission + - HPE Servers Get New Names To Help Users Figure Out How To Use Them (cio.com)

itwbennett writes: The 'MC' in HPE's new Integrity MC990 X (replacing the Proliant DL980) stands for 'mission critical.' It's the first in a line of many servers that will conform to this new naming convention to indicate the sort of workloads they tackle. 'BL' will indicate 'blade,' and the Proliant name will be used for low-end and mid-range servers in this line.

Submission + - US Government Wants To Sharply Increase Spending On Cybersecurity (csoonline.com)

itwbennett writes: The U.S. has been working since 2009 to improve the nation's cyber defenses, said Michael Daniel, special assistant to the President and cybersecurity coordinator, in a phone briefing with reporters Monday. But spending on cybersecurity is about to be ratcheted up. A plan being announced today by President Obama calls for a $3.1 billion fund to replace outdated IT infrastructure; a new position of federal chief information security officer; a commission to study cybersecurity problems, and a program to recruit cybersecurity experts into government roles.

Submission + - Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com)

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.

Submission + - Hackers Leak DHS Staff Directory, Claim FBI Is Next (csoonline.com)

itwbennett writes: On Sunday, the names, titles, email addresses, and phone numbers of more than 9,000 DHS employees, with titles ranging from engineers, to security specialists, program analysts, InfoSec and IT, all the way up to director level, were posted on Twitter. 'The account went on to claim that an additional data dump focused on 20,000 FBI employees was next,' writes CSO's Steve Ragan. The hacker told Motherboard that the data was obtained by 'compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place.'

Submission + - Neutrino Exploit Kit Has A New Way To Detect Security Researchers (csoonline.com)

itwbennett writes: Neutrino is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division, wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.

Submission + - Why AT&T's Attempt To Kill Municipal Broadband In Tenn. Matters To All Ameri (cio.com)

itwbennett writes: If you don't live in Chattanooga, Tenn., you probably aren't aware that the city's municipally owned electric utility, EPB, provides its broadband Internet — nice, fast Internet to boot. And, even if you did happen to know that, you probably don't care. But CIO's Bill Snyder explains why you should take note of AT&T's efforts to block the expansion of EPB's network on the grounds that 'the government should not compete with private enterprise.' At issue is more than a question of whether the greater Chattanooga area can have access to fast broadband because in all areas of the U.S. 'where big ISPs have the market to themselves, consumers often get stuck in the Web's slow lane,' says Snyder.

Submission + - Malware Hijacked To Distribute Antivirus Program

itwbennett writes: Some rogue do-gooder has 'gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus,' writes Lucian Constantin. For those unfamiliar with Dridex, it is 'one of the three most widely used computer Trojans that target online banking users' — and it's resilient: In October, 2015, one month after its administrator was arrested, it was back in full swing.

Submission + - Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com)

itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.

Submission + - Malwarebytes Still Fixing Flaws In Antivirus Software (csoonline.com)

itwbennett writes: Malwarebytes CEO Marcin Kleczynski said in a blog post on Monday that the company has fixed several server-side vulnerabilities that were found by Google security researcher Tavis Ormandy in November, but is still testing a new version of its Anti-Malware product to fix client-side problems. Until the problems are fixed, which could take 3 or 4 weeks, customers can implement a workaround: those using the premium version of Anti-Malware 'should enable self-protection under settings to mitigate all of the reported vulnerabilities,' Kleczynski wrote.

Submission + - China's Five-Year Plan Offers Preview of Cybersecurity Targets (csoonline.com)

itwbennett writes: CrowdStrike's latest global threat report, which covers attacks by nation states, cybercriminals and hacktivists, finds that 'China is the biggest offender,' said Adam Meyers, vice president of intelligence at CrowdStrike. According to the report, the country is mostly focused on collecting intelligence that supports its economic system. China's next five-year plan is expected to be released in March, but some general information is available now and 'they're focusing on getting Western technology out,' said Meyers. Of particular interest: agricultural technologies, clean energy, high-speed railways, electric cars, computer chips, and defense technologies and operations.

Submission + - Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com)

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.

Submission + - Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products (csoonline.com)

itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

Submission + - Harvard Study Refutes 'Going Dark' Argument Against Encryption (csoonline.com)

itwbennett writes: A study from Harvard's Berkman Center for Internet & Society, signed by well-known figures, including security expert Bruce Schneier, Jonathan Zittrain of Harvard Law School and Matthew G. Olsen, former director of the U.S. National Counterterrorism Center, acknowledges that while encryption will pose challenges to law enforcement in some instances, by no means will it dictate the landscape of future technology products. The study predicts that the continued expansion of Internet-connected devices — such as smart TVs and vehicles, IP video cameras and more — will offer fresh opportunities for tracking targets. 'There are and will always be pockets of dimness and some dark spots — communications channels resistant to surveillance — but this does not mean we are completely 'going dark',' the study said.

Submission + - Tablets Sales Still Shrinking -- Except Those That Are Most Like PCs, Says IDC (cio.com)

itwbennett writes: Tablets may have ushered in the post-PC age, but the only ones posting a growth in sales are detachables — the ones that are most like PCs and most likely to be PC replacements. This category, which includes Apple's iPad Pro and Microsoft's Surface and Surface Pro, saw 8.1 million devices shipped in the 4th quarter, more than double a year earlier, says research firm IDC. Unfortunately for Microsoft, replacing a PC can also mean replacing Windows. According to IDC the biggest-selling detachable in the fourth quarter was the iPad Pro: it estimates Apple sold just over 2 million of them.
