
Submission + - Researcher Hijacks Embedded Devices for Internet Scanning

itwbennett writes: "Highlighting the potential for abuse of poorly configured embedded systems, an anonymous researcher created a massive botnet by hijacking about 420,000 Internet-accessible embedded devices with default or no login passwords and used it to map the entire Internet. On a website dedicated to the project, the researcher called it 'the largest and most comprehensive IPv4 [Internet Protocol version 4] census ever.'"

Submission + - Credit Report Site Likely Source Of Stolen Celebrity Data

itwbennett writes: "A website that provides consumers with a free annual credit report appears to have been the source used by hackers to download reports on celebrities, including former Secretary of State Hillary Clinton, Beyoncé and Jay Z, Michelle Obama, Vice President Joe Biden, Hulk Hogan, Donald Trump, U.S. Attorney General Eric Holder, and FBI Director Robert Mueller, among others."

Submission + - Five More Holes Reported in Java

itwbennett writes: "No sooner does Oracle issue a patch for one Java hole, than a new one (or in this case 5) is discovered. On Monday, Adam Gowdiak of the Polish security firm Security Exploration claimed in a post on the Full-Disclosure security discussion list that he has found five new Java vulnerabilities. When combined, the five vulnerabilities can be used to 'gain a complete Java security sandbox bypass' in the environment running the vulnerable version of Java."

Submission + - Chinese Cyberspies Outed By Social Media Accounts

itwbennett writes: "One interesting footnote to the report on Chinese Army hackers, discussed on Slashdot and elsewhere, is that Mandiant tracked them on their own social media accounts. 'Of course, services like Facebook, Twitter, and Google are prohibited by the Great Chinese Firewall. But the army hackers working within the Datong Road compound just outside Shanghai are not encumbered by China’s Internet censors. So they used Gmail and Facebook and Twitter to communicate, which helped Mandiant track down their identities,' writes privacy blogger Dan Tynan."

Submission + - Peter Sunde: Life After The Pirate Bay

itwbennett writes: "Two years ago, Peter Sunde, who once ran the world's largest bittorrent site, was sentenced to 8 months in prison. Today, he lives a quiet life in southern Sweden trying not to get the attention of police, who, he says, may have a warrant for his arrest. In fact, there is a room waiting for him at the Västervik prison, but Sunde is doing his best to stay out of it. In an interview with the IDG News Service, Sunde says there's only one thing he regrets: 'I should have told Gottfrid to encrypt his hard drive. That's where the evidence came from. Even though he works professionally with security, I should have told him,' he says."

Submission + - How Facebook Wants You To Deal With Identity Thieves

itwbennett writes: "If someone steals your identity on Facebook, here's what Facebook wants you to do: 'Go to the imposter’s Timeline, click the downward arrow in the settings box, and select Report/Block,' writes privacy blogger Dan Tynan. Sounds reasonable, except that smart fakers have discovered a foolproof workaround: Block the real user. If you can't get to the page, you can't report it. Oh, and there's one other tool Facebook has given you to report fakes, says Tynan: A webform that only works if you don't have a Facebook account."

Submission + - Government Work Too Boring, Says Chinese Ex-Hacker

itwbennett writes: "Now working at IBM, 41-year-old Tao Wan, who was once a member of the Green Army hacker group, is dismissive of today's young Chinese hackers. Wan told the audience at the Power of Community security conference in Seoul that 'this generation of hackers are not that technically capable, they just like to show off — young kids with a low technical ability.' Wan went on to say that China's 'overall hacking ability is still less sophisticated than other countries' and that 'they need to become more competitive.' For himself, however, Wan said government work was too boring to pursue."

Submission + - Software Targeted by Stuxnet Still Full of Holes

itwbennett writes: "'It's easy to find a vulnerability in WinCC. You can just point at it,' said Sergey Gordeychik, CTO of Moscow-based Positive Technologies, referring to the more than 50 vulnerabilities he and his team have found in WinCC, a type of SCADA system. At Siemens's request, Gordeychik had canceled a Defcon presentation this summer to give the company time to patch WinCC. On Thursday, however, Gordeychik, along with colleague Gleb Gritsai, presented an overview of the research: 'Gritsai showed how, when an industrial system operator is using the same browser to access both the open Internet and WinCC's web interface, a vulnerability can be exploited to obtain login credentials for the back-end SCADA network.'"

Submission + - For Sale: New Windows 8 Zero-Day Vulnerability

itwbennett writes: "French security company Vupen posted a 'for sale' notice on Twitter Wednesday, advertising its 'first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed).' Vupen didn't publish a price tag for the vulnerability, but 'the value of the bug will only increase with time, of course, the longer Vupen sits on it and if no one else stumbles upon it,' says Jody Melbourne, a penetration tester and senior consultant with the Sydney-based Australian security company HackLabs."

Submission + - Who Is Tweeting From the NSA's Parking Lot?

itwbennett writes: "At the Breakpoint security conference on Wednesday, Roelof Temmingh showed how his company's open source application collects publicly available online information to analyze individuals and organizations. In the demonstration, Temmingh used the software to locate a Twitter user in the NSA's parking lot, and then search across other social sites to dig up a full profile, including a photo, mail address, date of birth, travel history, employment and education history."

Submission + - Android NFC Hack Lets You Ride Free

itwbennett writes: "At the EUSecWest security conference in Amsterdam, researchers showed how their 'UltraReset' Android app can read the data from a subway fare card, store that information, and reset the card to its original fare balance. The researchers said that the application takes advantage of a flaw found in particular NFC-based fare cards that are used in New Jersey and San Francisco, although systems in other cities, including Boston, Seattle, Salt Lake City, Chicago and Philadelphia, could also be vulnerable."

Submission + - Microsoft Finds Malware on New Computers in China

itwbennett writes: "This is what you call a double whammy. Microsoft has found new laptops and desktops being sold in China that come pre-installed with malware embedded in counterfeit versions of Windows. The malware discovery led to a larger investigation into the Nitol botnet and culminated in the shutdown of the command-and-control system connected to computers infected with Nitol."

Submission + - Apple UDIDs Stolen From Digital Publishing Firm

itwbennett writes: "The 1 million Apple device UDIDs that were leaked last week were stolen from digital publisher BlueToad, the company's CEO Paul DeHart wrote in a blog post Monday. In describing the theft from its servers, BlueToad downplayed the risk to information types other than UDIDs: 'BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information,' DeHart said."
