Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Submission + - World's most complex PoS malware discovered, plunders millions from US (theregister.co.uk)

mask.of.sanity writes: The world's most complex point of sales malware has been discovered having already ripped millions of bank cards from top household US national retailers and setting an entire sector on edge as the festival shopping bonanza ramps up. The ModPOS malware has pilfered "multiple millions" of debit and credit cards from the unnamed but large retail companies incurring millions of dollars in damages.

Submission + - New Android phones hijackable with Chrome exploit (theregister.co.uk)

mask.of.sanity writes: Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.

Submission + - Security threat researchers face revenge of spy agencies (theregister.co.uk)

mask.of.sanity writes: Researchers tasked with revealing malware attack campaigns are being harassed, locked out of tenders, and in some cases deported. The retaliation by the unnamed spy agencies is in direct response to the popular published advanced-persistent threat campaigns that have coloured information security reporting over recent years. More details from researcher Juan Andrés Guerrero-Saade are available in a paper (pdf).

Submission + - Inside Mandiant's biggest forensics breach battle: Is this Anthem? (theregister.co.uk)

mask.of.sanity writes: Four researchers from American cybersecurity firm Mandiant have engaged in an eight-month epic battle against hackers behind one of the biggest breaches of this year.

The quartet is not saying who the victim is, nor identifying the attackers. However, it is at the level of, and very-well could be, health insurers Anthem or Premera hit earlier this year.

The breach investigation was so complex and massive that the forensics team tasked with battling the hackers say it is likely the most challenging in the firm's history. That is noteworthy in that the company is among America's most prominent forensics firms.

Submission + - Microsoft, Tesla, build smart, adaptable, long-life battery that predicts usage (theregister.co.uk)

mask.of.sanity writes: Engineers from Microsoft, Tesla, and Columbia and Massachusetts universities have teamed up to develop what on paper looks like a revolution in consumer battery technology that meets demands for fast charge, long life, and the ability to bend. The "Software-Defined Battery" system allows different batteries with different chemistries to be integrated into the same system. Fast charging and the ability to work for longer by adapting to different tasks are the result of the blended battery plan. Read the PDF paper.

Submission + - iCloud celebrity hacker admin reveals RipSec, says 11,300 accounts raided (theregister.co.uk)

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipShock using a photoshopped naked image of major TV star who offered access to her iCloud account.

Submission + - Inside the booming, unhinged, and dangerous malvertising menace (theregister.co.uk)

mask.of.sanity writes: A feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim.

Submission + - High-heeled hacker builds pen-test kit into skyscraper shoes (theregister.co.uk)

mask.of.sanity writes: A Chinese hardware hacker has created a penetration testing toolkit built into high-heeled shoes to help social engineers slip hacking tools into secure areas. The WiFi-popping platforms were forged in a 3D printer and contain spacing so that hacking hardware can be hidden to bypass strict security checks in place at datacentres and the like and later retrieved.

Original imgur.com album source is somewhat NSFW.

Submission + - Microsoft drops out-of-band Internet Explorer fix for remote code executio hole (theregister.co.uk)

mask.of.sanity writes: Microsoft has released an out-of-band patch for Internet Explorer versions seven to 11 that closes a dangerous remote code execution flaw allowing attackers to commandeer machines.

The attack will be a highly useful tool in hacker arsenals likely allowing them to build powerful phishing, watering hole, and malvertising campaigns. Windows 10 Edge browser is not impacted.

Submission + - Gazan medico team 3D-prints world-leading stethoscope for 30c (theregister.co.uk)

mask.of.sanity writes: Tarek Loubani, an emergency physician working in the Gaza strip, has 3D-printed a 30 cent stethoscope that beats the world's best $200 equivalent as part of a project to bottom-out the cost of medical devices.

Loubani together with a team of medical and technology specialists designed the stethoscope and tested it against global standard benchmarks, finding it out performed the gold-standard Littmann Cardiology 3. They now intend to make a range of ultra-low cost medical devices for the developing world.

Submission + - Easy to exploit critical BIND DoS bug affects all DNS (theregister.co.uk)

mask.of.sanity writes: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. Attackers can send a crafted DNS query packet to trigger a REQUIRE assertion failure, causing BIND to exit.

Submission + - Hackers flay open Italian surveillance company Hacking Team (theregister.co.uk)

mask.of.sanity writes: Italian surveillance software outfit Hacking Team has allegedly been cracked by hackers who exfiltrated some 400Gbs of data and upoaded it to BitTorrent.

The data allegedly includes audio recordings, emails, and source code for its popular Da Vinci malware surveillance software it sells to law enforcement agencies claiming to only deal with ethical governments. The company is marked as an Enemy of the Internet by activist outfit Reporters Without Borders.

The hackers also hijacked Hacking Team's Twitter account where they are revealing alleged email screenshots from Hacking Team's CEO, revealing customers and other sensitive internal discussions.

The leaked stolen data if accurate will result in a massive fall out for the company in the coming days.

Submission + - Killer character HOSES almost all versions of Adobe Reader, Windows (theregister.co.uk)

mask.of.sanity writes: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defences.

The accomplished offensive security researcher published a video demonstration of the exploit for 32-bit and 64-bit systems. His slides are here [PDF].

Submission + - Spooks BUSTED: 27,000 profiles reveal new intel ops, home addresses (theregister.co.uk)

mask.of.sanity writes: Researchers have collected the LinkedIn profiles of 27,000 intelligence officers they say are working on surveillance programs.

The resulting dump not only names the officers, but in some cases tells you where they live, and has revealed codenames and context for new intelligence programs.

The records are compiled into the ICWatch database searchable by company, title, name, and location.

Anything cut to length will be too short.