
Submission Summary: 0 pending, 1074 declined, 759 accepted (1833 total, 41.41% accepted)

Submission 30 years a sysadmin

itwbennett writes: Sandra Henry-Stocker's love affair with Unix started in the early 1980s when she 'was quickly enamored of the command line and how much [she] could get done using pipes and commands like grep.' Back then, she was working on a Zilog minicomputer, a system, she recalls, that was 'about the size of a dorm refrigerator'. Over the intervening years, a lot has changed, not just about the technology, but about the job itself. 'We might be "just" doing systems administration, but that role has moved heavily into managing security, controlling access to a wide range of resources, analyzing network traffic, scrutinizing log files, and fixing the chinks on our cyber armor,' writes Henry-Stocker. What hasn't changed? Systems administration remains a largely thankless role with little room for career advancement, albeit one that she is quick to note is 'seldom boring' and 'reasonably' well-paid.
Link to Original Source

Submission Researchers: Thousands of Medical Devices Are Vulnerable To Hacking

itwbennett writes: At the DerbyCon security conference, researchers Scott Erven and Mark Collao explained how they located Internet-connected medical devices by searching for terms like 'radiology' and 'podiatry' in the Shodan search engine. Some systems were connected to the Internet by design, others due to configuration errors. And much of the medical gear was still using the default logins and passwords provided by manufacturers. 'As these devices start to become connected, not only can your data get stolen but there are potential adverse safety issues,' Erven said.
Link to Original Source

Submission Newly Found TrueCrypt Flaw Allows Full System Compromise

itwbennett writes: James Forshaw, a member of Google's Project Zero team, has found a pair of flaws in the discontinued encryption utility TrueCrypt that could allow attackers to obtain elevated privileges on a system if they have access to a limited user account. 'It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered,' writes Lucian Constantin.
Link to Original Source

Submission Europe Agrees To Agree With Everyone Except US What 5G Should Be

itwbennett writes: Following agreements signed by the EU with South Korea in June 2014 and with Japan in May 2015, the EU and China 'have agreed to agree by the end of the year on a working definition for 5G,' reports Peter Sayer. 'About the only point of agreement so far is that 5G is what we'll all be building or buying after 4G, so any consensus between the EU and China could be significant,' says Sayer.
Link to Original Source

Submission Saudi Arabia Almost Bought Hacking Team

itwbennett writes: If hacked emails posted by WikiLeaks are to be believed, the Saudi Arabian government came close to buying control of Italian surveillance software company Hacking Team, Philip Wilan reports. 'The negotiations were handled by Wafic Said, a Syrian-born businessman based in the U.K. who is a close friend of the Saudi royal family, and also involved Ronald Spogli, a former U.S. ambassador to Italy, who had an indirect investment in Hacking Team,' writes Wilan. The deal collapsed in early 2014.
Link to Original Source

Submission EFF To Offer Trusted SSL Certificates To the Public, For Free

itwbennett writes: The Electronic Frontier Foundation (EFF) has jumped through all the necessary hoops to become a certificate authority and soon will begin offering trusted SSL certificates to the public, for free. The official certificate authority is called Let's Encrypt and it just issued its first certificate 10 days ago, but it has not yet been added as a trusted authority. Let's Encrypt has set a public availability date of November 14th 2015, at which time their root certificate will have been cross-signed and the general public will be able to obtain free, trusted certificates.
Link to Original Source

Submission HP Adds Protection Against Firmware Attacks to Enterprise Printers

itwbennett writes: Researchers have been demonstrating attacks against printers for years. Now, Hewlett-Packard has started building defenses directly into its printers' firmware instead of just patching individual vulnerabilities. The company's new M506, M527 and M577 series of LaserJet Enterprise printers, set to go on sale in October and November, will have built-in detection for unauthorized BIOS and firmware modifications.
Link to Original Source

Submission Hack iOS 9 and Get $1 Million, Cybersecurity Firm Says

itwbennett writes: Exploit acquisition company Zerodium has $3 million to buy iOS jailbreaks. 'Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits (aka zero-days) which are combined to bypass all iOS 9 exploit mitigations including: ASLR, sandboxes, rootless, code signing, and boot chain,' Zerodium said on its iOS 9 Bug Bounty page.
Link to Original Source

Submission Legislation Requiring Tech Industry To Report Terrorist Activity Dropped

itwbennett writes: John Ribeiro reports that 'the U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms.' The draft legislation, which was unanimously passed by the Committee in July, was widely derided by the tech industry for its technical difficulty and by users for invasion of privacy.
Link to Original Source

Submission Michigan Sues HP Over Decade Long, $49 Million Incomplete Project

itwbennett writes: On Friday, embattled HP was hit with a new lawsuit filed by the state of Michigan over a 10-year-old, $49 million project that called for HP to replace a legacy mainframe-based system built in the 1960s. Through the suit filed in Kent County Circuit Court, the state seeks $11 million in damages along with attorney's fees and the funds needed to rebid and reprocure the contract.
Link to Original Source

Submission Intel Kills a Top-of-the-Line Processor

itwbennett writes: In June of this year, Intel announced a processor branded as Broadwell-C. Now, the company has confirmed that the part was cancelled but would not give an official reason. Why did Intel kill the Broadwell-C? ITworld's Andy Patrizio speculates that it's a 'combination of increased cost, lower yield and potential product cannibalization' — cannibalization of the company's newly-launched Skylake processor, which the Broadwell-C outperformed.
Link to Original Source

Submission XPRIZE's Jono Bacon On Leaving Open Source and the Next Great Challenge

itwbennett writes: After just under 8 years at Canonical where he was Community Manager of Ubuntu, Jono Bacon left in search of a new challenge. Now, a year and a half into his tenure at the XPRIZE Foundation as Senior Director of Community, Bacon reflects on the changing nature of community and how he is working to bring the 'anybody can play a role in a bigger picture' aspect of open source to 'solve the grand challenges facing humanity.'
Link to Original Source

Submission Attackers Install Highly Persistent Malware Implants On Cisco Routers

itwbennett writes: Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on Cisco business routers in four countries. The router implant, dubbed SYNful Knock, implements a backdoor password for privileged Telnet and console access and also listens for commands contained in specifically crafted TCP SYN packets — hence the name SYNful Knock. In the cases investigated by Mandiant the SYNful Knock implant was not deployed through a vulnerability, but most likely through default or stolen administrative credentials.
Link to Original Source

Submission Survey: IT Worker Shortage Persists, Costs Businesses Dearly

itwbennett writes: A survey of 200 US and UK C-level executives by enterprise crowdsourcing services company Appirio and Wakefield Research finds that the ongoing shortage of tech workers is bad for business. Among the findings: Twenty-five percent of IT projects are abandoned as a result of the shortage of qualified IT workers, and those projects that do get finished are delayed by an average of five months. Also, an estimated 25 percent of IT staffers leave their positions each year and more than one-third of total HR budgets are now dedicated to recruiting and retaining technical talent. So, what about this 'gig economy' we've been hearing so much about? Seventy-seven percent of survey respondents said they expect the gig economy to result in the loss of IT staff; nearly half view 'gig' workers as less reliable and knowledgeable than full-time employees.
Link to Original Source