

+ - OpenSSL To Undergo Massive Security Audit

Submitted by rjmarvin
rjmarvin (3001897) writes "Now that its codebase is finally viewed as stable, OpenSSL is getting a good top-to-bottom once-over in the form of a sweeping audit. As part of the Linux Foundation’s Core Infrastructure Initiative, the foundation and the Open Crypto Audit Project are sponsoring and organizing what may arguably be the highest-profile audit of a piece of open-source software in history. The audit itself will be conducted by the information assurance organization NCC Group, and its security research arm, Cryptography Services, will carry out the code review https://cryptoservices.github.... of OpenSSL's 447,247 line codebase over the next several months."

+ - New Android Trojan Fakes Device Shut Down, Spies On Users

Submitted by Anonymous Coward
An anonymous reader writes "A new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks, has been discovered and analyzed by AVG researchers. They dubbed it, and AVG's security solutions detect it as PowerOffHijack."

+ - BrowserStack compromised?-> 3

Submitted by algofoogle
algofoogle (3905537) writes "While not yet confirmed to be a security breach, customers of BrowserStack have apparently received a facetious email claiming the service is shutting down. The language hints at a disgruntled employee or nefarious user, alleging that aspects of the Terms of Service are false, while also revealing apparently-sensitive internal information. Whether coincidental or in response to the email, is currently offline, stating that "we're performing some maintenance at the moment"."

Comment: Advanced? Requires a Jailbreak & manual instal (Score 5, Informative) 72

by mTor (#48039717) Attached to: iOS Trojan Targets Hong Kong Protestors

Here's the actual analysis of malware:

The iOS device needs to be jailbroken in order to be infected. Then with Cydia installed, the repository would need to be added and then the package could be installed. All that's known is that both the iOS and Android attacks share a CnC server.

+ - Apple will no longer unlock most iPhones, iPads for police-> 4

Submitted by SternisheFan
SternisheFan (2529412) writes "By Craig Timberg September 17 at 9:51 PM
Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data.

The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device’s owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers.

The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement.

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”"


+ - Steve Jobs' office at Apple remains exactly how he left it->

Submitted by Anonymous Coward
An anonymous reader writes "Steve Jobs' office at Apple remains intact, and looks exactly the way it did when he passed away in October of 2012. This tidbit first came to the surface when a video clip of Tim Cook's interview with Charlie Rose was released earlier this week.

"I literally think about him every day," Cook explained. "His office is still left as it was. His name is still on the door.”"


+ - Snowden's Leaks Didn't Help Terrorists 1

Submitted by (3830033) writes "The Intercept reports that contrary to lurid claims made by U.S. officials, a new independent analysis of Edward Snowden’s revelations on NSA surveillance that examined the frequency of releases and updates of encryption software by jihadi groups has found no correlation in either measure to Snowden’s leaks about the NSA’s surveillance techniques. According to the report "well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them (PDF).” In fact, concerns about terrorists' use of sophisticated encryption technology predate even 9/11.

Earlier this month former NSA head Michael Hayden stated, “The changed communications practices and patterns of terrorist groups following the Snowden revelations have impacted our ability to track and monitor these groups”, while Matthew Olsen of the National Counterterrorism Centre would add “Following the disclosure of the stolen NSA documents, terrorists are changing how they communicate to avoid surveillance.” Snowden’s critics have previously accused his actions of contributing to everything from the rise of ISIS to Russia’s invasion of the Ukraine. "This most recent study is the most comprehensive repudiation of these charges to date," says Murtaza Hussain. "Contrary to lurid claims to the contrary, the facts demonstrate that terrorist organizations have not benefited from the NSA revelations, nor have they substantially altered their behavior in response to them.""

Comment: Re:Is 4chan really unprofitable? Sounds like a myt (Score 3) 79

by mTor (#46942647) Attached to: 4chan Launches '$20 Bug Bounty' After Hackers Ruin moot's Day

Good points on pricing! But like I mentioned, advertising is bringing in a lot of funds as well. Bandwidth is cheaper than ever these days and a lot of it is "subsidized" by Cloudflare which don't charge for bandwidth. 4chan also doesn't run on AWS/VMs (you can find pics of 4chan servers on 4chan blog). And we can tell how much Cloudflare costs:

So I still don't see why, after all this revenue, the site would be unprofitable. It's not like moot has a large dev team behind it.

Comment: Is 4chan really unprofitable? Sounds like a myth (Score 1) 79

by mTor (#46941659) Attached to: 4chan Launches '$20 Bug Bounty' After Hackers Ruin moot's Day

Recent hack, the one that has prompted this change in policy and security issues reward process, revealed that 4chan sold about 12740 passes this year. At the price of $20 per pass, that's about $254,800 so far. And there's also a lot of revenue coming in from advertising.

If 4chan was truly unprofitable, it would have closed years ago. Seems to me that this is just an image that the owner is trying to project.

Comment: iWatch is not about telling time (Score 1) 399

by mTor (#46860081) Attached to: Japanese and Swiss Watchmakers Scoff At Smartwatches

iWatch is not really a timepiece. It's a collection of highly sophisticated sensors that "watch" your vitals. All these other companies (Samsung etc) assumed that iWatch was just another smart watch: a watch with few apps on it. But from all the leaks and reports we've seen so far (if they were to be believed), iWatch is none of those things.

Yes, it will probably tell time as well but iWatch will be much more than that.

+ - James Lovelock reflects on Gaia's legacy->

Submitted by Anonymous Coward
An anonymous reader writes ""A lot of investment in green technology has been a giant scam, if well intentioned."

The quote, and entire interview, are significant for two reasons. First, the interview is seeped with many skeptical opinions about human caused global warming, is very critical of that movement's effort to politicize science, and the person being interviewed is James Lovelock, the founder of the concept of Gaia, a former strong advocate of global warming but now a skeptic.

Most significant however is where the interview is published. It is in Nature, one of the most important and influential science journals, which previously has been aggressively pushing global warming politics for years. That they allowed these politically incorrect opinions within their walls and then broadcast them to their readers signals a major cultural shift within the science community. It is beginning to be acceptable to be a skeptic again!"


+ - Google Chrome allows websites to spy on nearby conversations->

Submitted by AllTheTinfoilHats
AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range.

It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media.

The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix."


+ - Heartbleed bug affects phones and tablets too->

Submitted by Velcroman1
Velcroman1 (1667895) writes "The Heartbleed bug is bad and affects a huge portion of all websites — as much as 66 percent of all sites around the world. Unfortunately, your smartphone isn't safe either. The bug can be exploited on mobile devices, though the risks aren’t as great as they are on a desktop computer browsing the Web. Mobile security company Lookout downplayed the risks, saying: “The good news is that we have yet to see any attacks targeting a mobile device, and while this is a credible risk, the likelihood of you encountering an exploit is low.” iOS devices are safe, and Windows Phone OS is likely safe. BlackBerry is “investigating.” But Android is vulnerable if you have version 4.1.1, according to Google."
