
Comment Initial thoughts? (Score 1) 39

First, let's see if Apple lets this go through their App Store approval process. Memory serves, custom APIs are something that gets strict scrutiny. Likewise, if Mozilla can't get their own engine through with Firefox, what makes you think that Microsoft will be able to replace the Siri functionality? Second, Apple, who wrote the iOS platform, who integrated Siri, who dedicates a ton of resources to stopping jailbreakers (more so than any other security team in the company it seems) has had bugs where Siri was used to bypass protection measures. What makes anyone think that Microsoft will do any better? No thank you, I'd just as soon have as little Microsoft code running on my iOS devices as possible.

Submission + - Lenovo Says Linux Voids Your Warranty 4

altools writes: I called Lenovo because my computer occasionally freezes on the press f2 to enter set up screen and asked to schedule a service ticket as its warranty expires in January. I also reported that the wireless device and power cord intermittently aren't detected. I put Linux on it the second I opened the box and have been using it for the last 10 months when I started noticing the power/usb jack getting loose and it locking up on the press f2 to enter set up screen. I called Lenovo's tech support and reported the issues, she set up the ticket, and told me they possibly would negotiate fees to repair the hardware at their discretion, but before placing the ticket told me that the system was holding up the ticket. She then told me the reason was because I had voided the warranty by installing Linux on the computer. Good to know installing Linux voids your warranty at Lenovo.

Submission + - US Sanctions against China for Hacking? (threatpost.com)

An anonymous reader writes: The U.S. government is purportedly readying economic sanctions against China and is prepared to call out several Chinese companies and individuals for committing cyber espionage.

It’s not exactly clear when the Obama administration will levy the sanctions, but according to an article from Sunday’s Washington Post which cites several unnamed administration officials, there’s a chance they could come down in the next two weeks.

Details regarding what the sanctions would cover weren’t published, but the Post suggests they will likely come as a response to “cyber-economic espionage initiated by Chinese hackers.”

Comment Viruses and worms on a Mac (Score 1, Insightful) 119

https://threatpost.com/writing... I appreciate the obligatory, and perhaps it'll be mod'ed to funny. But there's some truth in the statement, but not for reasons people believe. Macs are not really any more secure than any other OS. They do have better security models in the creation of their OSes than say Windows, but they aren't invulnerable. The biggest threat to Macs is complacency. The article from threatpost above breaks this down very well. I'm actually happy to see the flatworm concept attacking the thunderbolt firmware because it shows that simple file heuristics on Macs are insufficient for detecting adverse threats on the platform. Perhaps we'll start seeing better threat detection techniques for the OSX platform (or ANY threat detection on the iOS platform).

Submission + - Office of Personnel Management. Not a hack: a Giveaway!

bbsguru writes: According to Ars Technica, the OPM loss of personal info on 14 million-and-counting US Federal employees and contractors wasn't so much a theft as a sharing...

From the article...
Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"

Submission + - Bad day for Cyber (kgmi.com)

mitcheli writes: From the "skynet-has-become-selfaware" dept:
In short order, three major outages occurred this morning. First, United Airlines reported a system-wide grounding of all flights due to "technical difficulties" with few details to follow. Following that, the New York Stock Exchange reported "technical difficulties" while suspending all trading. And now the Wall Street Journal's website is in limited operations due to "technical difficulties". While initial reports on NYSE state that there is no malicious activity as a result of the outage, few details have been released at this time.

Comment Re:Security (Score 3, Interesting) 56

Why does /. even bother posting Microsoft stories? It just brings out the cynical doomsayers who still live like it's 1995.

As a Microsoft Doomsayer, I'm not immune from jumping on this article to predict the future of how new zero-days will result in the mass pwning of Grandma's computers everywhere. That being said, I'm not blind to the fact that Apple is gaining an increased market share and that as time goes on, they will become an increasingly targeted platform as the profitability (be it in information or money) increases. Microsoft does have what appears to be a more responsive patch process than Apple. Apple is very slow at responding to reported exploits (albeit, Microsoft has been known to half-ass patch and to sit on patches as well). In any case, my biggest issue with this report is I'm curious how much community involvement Microsoft had with the development of this new protocol. In the past, they just create crap in-house without the involvement of industry partners (sometimes even closing them out of those conversations). The problem with this is there is less industry oversight on potential weaknesses and less input on modifications that can strengthen the underlying protocol. Protocols in particular are not something that needs to be developed by a small team of engineers without support of the industry as a whole, lest you get protocols like SMTP (whose author is on record as apologizing profusely for not building in security). So, as a Microsoft doomsayer, I shall sit back and wait with my "I told you so" in my back pocket. In the meantime, IE/Edge/whatever the hell they want to call it can stay off my computer thank you very much.

Comment Does this really surprise us? (Score 2) 50

With every major Nation in the world trying to glean intelligence from Tor, every major law enforcement agency trying to track down child porn and drugs, and several very high profile leaks involving highly classified information that have caused extreme harm to several western countries (the US not being the only one), and with several academic professors intrigued; does it not surprise us that the protocol of Tor (to include Bridges and Hidden Services) would be analyzed and profiled to the tiniest of details to determine areas of exploitation of the protocol?

Comment But it might (Score 1) 55

The problem with this idea is that as TPB migrates to additional domains, it leaves open a few possibilities. First, sites opposed to TPB will create malicious sites to try and spoof TPB to collect data, spread malware, and otherwise degrade the services that TPB offers. Second, while rapid DNS techniques are well implemented in malware like botnets, it's not a capability that the average Joe can keep track of, so without some form of front end that can track and change with the rotating DNS entries, people will get frustrated and stop using the service. And this is exactly what the opposition wants. It's time that many of these types of technologies go through redesign again. And they must be redesigned from the protocol level. TPB succeeded where Napster didn't because the content being traded was not hosted with TPB. But they are still centrally located for the purpose of search and front end to the users. Anytime a bellybutton can be poked, it will be. So the protocol must be designed to prevent ANY centralized management. Next, any protection mechanisms (trust models, etc.) that are built into the protocols used must be extremely well thought out. When analyzing for protocol weakness, rules matter. If only certain nodes are allowed to be "trusted", then you'd better bet that those wishing to exploit it will design a node to be trusted. Protocols must also be non-differential at all levels, from the handshake of the SSL layer down to the initial HELO to the transmission characteristics of how it sends data. If the protocol can be differentiated, it can be blocked, tracked, hacked, or otherwise interfered with. Simply wrapping it in Tor isn't going to work. There are ample talks out there on how Tor traffic can be characterized and interfered with.

Submission + - Bittorrent brings Bleep (9to5mac.com)

mitcheli writes: From the "Not-on-my-watch" Dept:
If you want the security of knowing your voice, text and picture messages can’t be intercepted, direct peer-to-peer communication with end-to-end encryption is the gold standard: and that’s what BitTorrent offers with its Bleep app. Every conversation is between you and your friends. There is no cloud to hack because messages are never stored in the cloud. For text messages and photos, Bleep offers the choice of Whispers – where both text and images disappear when they’ve been read – and Messages, which stores them locally on the device. You can also make voice calls with the same peer-to-peer encrypted technology.
