Businesses

Security Researchers Wary of Wassenaar Rules

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software," which originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Communications

Academics Build a New Tor Client Designed To Beat the NSA

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield has confirmed a breach which took place last summer and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity theft protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
Government

US Proposes Tighter Export Rules For Computer Security Tools

Posted by timothy
from the we'd-like-to-inspect-that-package dept.
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Bug

Linux 4.0 Has a File-System Corruption Problem, RAID Users Warned

Posted by timothy
from the don't-store-the-ark-there dept.
An anonymous reader writes: For the past few days kernel developers and Linux users have been investigating an EXT4 file-system corruption issue affecting the latest stable kernel series (Linux 4.0) and the current development code (Linux 4.1). It turns out that Linux users running the EXT4 file-system on a RAID0 configuration can easily destroy their file-system with this newest "stable" kernel. The cause and fix have materialized but it hasn't yet worked its way out into the mainline kernel, thus users should be warned before quickly upgrading to the new kernel on systems with EXT4 and RAID0.

GamerGate critic posts death threat voicemail after inaction by prosecutor

Submitted by AmiMoJo
AmiMoJo writes: Game developer and tech diversity advocate Brianna Wu has been complaining about the lack of action by a prosecuting attorney in response to a death threat voicemail she said she received. On Tuesday, she posted a copy of the voicemail (trigger warning, NSFW).

Wu called upon Columbus, Ohio prosecuting attorney Ron O'Brien to issue a subpoena for the name attached to phone records. "If [O'Brien] wished, he could bring criminal charges against this man by the end of the day". She continued "there’s a longer story here about my frustration with working with law enforcement. I’m trying to get anyone to bring a case to trial. I have had dozens upon dozens of meetings, phone calls, and visits from multiple law enforcement agencies—including the Department of Homeland Security, the FBI, federal prosecutors, state prosecutors, Congress, and local police."
Earth

Oldest Stone Tools Predate Previous Record Holder By 700,000 Years

Posted by samzenpus
from the back-in-the-day dept.
derekmead writes: The oldest stone tools ever found have been discovered by scientists in Kenya who say they are 3.3m years old, making them by far the oldest such artifacts discovered. Predating the rise of humans' first ancestors in the Homo genus, the artifacts were found near Lake Turkana, Kenya. More than 100 primitive hammers, anvils and other stone tools have been found at the site. An in-depth analysis of the site, its contents, and its significance as a new benchmark in evolutionary history will be published in the May 21 issue of Nature.
Sci-Fi

Secret Files Reveal UK Police Feared That Trekkies Could Turn On Society

Posted by samzenpus
from the live-long-and-riot dept.
An anonymous reader writes: Scotland Yard was worried that fans of shows like the X Files and Star Trek might run amok during the Millennium according to secret files. The file, called UFO New Religious Movements (NRMs) And The Millennium, reveals that anti-terrorism experts were also concerned about the brain-washing effect of Dark Skies, Roswell, Millennium and The Lawnmower Man on viewers. According to the Telegraph: "The secret briefing note was obtained from the Met under the Freedom of Information Act by Sheffield-based British X-Files expert Dr Dave Clarke while researching a new book, How UFOs Conquered the World. Dr Clarke, who teaches investigative journalism at Sheffield Hallam University, said: 'The documents show the police and security services were concerned about the export of some new religious movements concerning UFOs and aliens from the USA in the aftermath of the mass suicide by followers of the Heaven's Gate.'"
The Almighty Buck

FBI: Social Media, Virtual Currency Fraud Becoming a Huge Problem

Posted by samzenpus
from the buy-my-web-dollars dept.
coondoggie writes: Criminals taking advantage of personal data found on social media and vulnerabilities of the digital currency system are two of the emerging Internet law-breaking trends identified by the FBI's Internet Crime Complaint Center (IC3) in its annual look at online crime. The IC3 said 12% of the complaints submitted in 2014 contained a social media trait. Complaints involving social media have quadrupled over the last five years. In most cases, victims' personal information was exploited through compromised accounts or social engineering.
Power

Hydrogen-Powered Drone Can Fly For 4 Hours at a Time

Posted by samzenpus
from the different-way-to-fly dept.
stowie writes: The Hycopter uses its frame to store energy in the form of hydrogen instead of air. With less lift power required, its fuel cell turns the hydrogen in its frame into electricity to power its rotors. The drone can fly for four hours at a time and 2.5 hours when carrying a 2.2-pound payload. “By removing the design silos that typically separate the energy storage component from UAV frame development - we opened up a whole new category in the drone market, in-between battery and combustion engine systems,” says CEO Taras Wankewycz.

Hydrogen-Powered Drone Flies for 4 Hours

Submitted by stowie
stowie writes: Hycopter uses its frame to store energy in the form of hydrogen instead of air. With less lift power required, Hycopter’s fuel cell turns the hydrogen in its frame into electricity to power its rotors. Hycopter can fly for four hours at a time and 2.5 hours when carrying a 2.2-pound payload. "By removing the design silos that typically separate the energy storage component from UAV frame development — we opened up a whole new category in the drone market, in-between battery and combustion engine systems."
Security

How 1990s Encryption Backdoors Put Today's Internet In Jeopardy

Posted by samzenpus
from the grunge-net dept.
An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. The Logjam vulnerabilities making headlines today are "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."

The Myth of Outsourcing's Efficiency

Submitted by Presto Vivace
Presto Vivace writes: Why outsourcing winds up producing cost creep over time

Outsourcing over time starts to create its own bureaucracy bloat. It’s the modern corporate version of one of the observations of C. Northcote Parkinson: “Officials make work for each other.” As Clive describes, the first response to the problems resulting from outsourcing is to try to bury them, since outsourcing is a corporate religion and thus cannot be reversed even when the evidence comes in against it. And then when those costs start becoming more visible, the response is to try to manage them, which means more work (more managerial cost!) and/or hiring more outside specialists (another transfer to highly-paid individuals).

Biotech

After a Year of Secret Field-Testing, Brain-Controlled Bionic Legs Are Here

Posted by Soulskill
from the i'll-order-a-dozen dept.
An anonymous reader writes: Today, an Icelandic prosthetic-maker announced that two amputees have been testing brain-controlled bionic legs for over a year. The devices respond to impulses in the subjects' residual limbs, via sensors that were implanted in simple, 15-minute-long procedures. "When the electrical impulse from his brain reaches the base of his leg, a pair of sensors embedded in his muscle tissue connect the neural dots, and wirelessly transmit that signal to the Proprio Foot. Since the command reaches the foot before the wearer's residual muscles actually contract, there's no unnatural lag between intention and action." This is a huge step forward (sorry) for this class of bionics. It may seem like a solved problem based on reports and videos from laboratories, but it's never been exposed to real world use and everyday wear and tear like this.
Encryption

'Logjam' Vulnerability Threatens Encrypted Connections

Posted by Soulskill
from the another-day-another-vulnerability dept.
An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).