Please create an account to participate in the Slashdot moderation system


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Submission + - Massive, Decades-Long Cyberespionage Framework Exposed

Trailrunner7 writes: Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. The attackers, known as the Equation Group, used two of the zero days contained in Stuxnet before that worm employed them and have used a number of other infection methods, including interdicting physical media such as CDs and inserting their custom malware implants onto the discs.

Some of the techniques the group has used are closely associated with tactics employed by the NSA, specifically the interdiction operations and the use of the LNK vulnerability exploit by Stuxnet.

The Equation Group has a massive, flexible and intimidating arsenal at its disposal. Along with using several zero days in its operations, the attack crew also employs two discrete modules that enable them to reprogram the hard drive firmware on infected machines. This gives the attackers the ability to stay persistent on compromised computers indefinitely and create a hidden storage partition on the hard drive that is used to store stolen data. At the Security Analyst Summit here Monday, researchers at Kaspersky presented on the Equation Group’s operations while publishing a new report that lays out the inner workings of the crew’s tools, tactics and target list. The victims include government agencies, energy companies, research institutions, embassies, telecoms, universities, media organizations and others. Countries targeted by this group include Russia, Syria, Iran, Pakistan, China, Yemen, Afghanistan, India but also US and UK, between and several others.

Submission + - First OSX Bootkit Revealed

Trailrunner7 writes: A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac.

The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson’s bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple’s RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker’s key. The attack also disables the loading of further Option ROMs, closing that window of opportunity. A weaponized version of this attack would have free ring0 reign over the system.

Apple has only partially addressed the vulnerability behind this.

Submission + - FBI Issued 19,000 National Security Letters in 2013

Trailrunner7 writes: The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information.

The new data was released by the Office of the Director of National Intelligence on Friday as part of its effort to comply with a directive from President Obama to declassify and release as much information as possible about a variety of tools that the government uses to collect intelligence. The directive came in the immediate aftermath of the first revelations by former NSA contractor Edward Snowden about the agency’s capabilities, methods and use of legal authorities.

The use of NSLs is far from new, dating back several decades. But their use was expanded greatly after 9/11 and NSLs are different from other tools in a number of ways, perhaps most importantly in the fact that recipients typically are prohibited from even disclosing the fact that they received an NSL. Successfully fighting an NSL is a rare thing, and privacy advocates have been after the government for years to release data on their use of the letters and the number of NSLs issued. Now, the ODNI is putting some of that information into the public record.

Submission + - New 'Mask' APT Campaign Called Most Sophisticated Yet (

Gunkerty Jeb writes: A group of high-level, nation-state attackers has been targeting government agencies, embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they’ve seen to date. The attack, dubbed the Mask, includes a number of unique components and functionality and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines.

Submission + - Facebook is "dead and bured" to young users (

JoeyRox writes: The recent decline in Facebook's popularity with teenagers appears to be worsening. A Global Social Media Impact study of 16 to 18 year olds found that many considered the site "uncool" and keep their profiles alive only to keep in touch with older relatives, for whom the site remains popular. Researches say teens have switched to using WhatsApp, Snapchat, and Twitter in place of Facebook.

Submission + - Glut in Stolen Identities Forces Price Cut (

CowboyRobot writes: The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250.

Submission + - `Terminator` robots that can self-heal (

kulnor writes: "Researchers in Spain have discovered the first self-healing polymer that spontaneously and independently repairs itself without any intervention. The new material could be used to improve the security and lifetime of plastic parts in everyday products such as electrical components, cars and even houses. The researchers have dubbed the material a "Terminator" polymer in tribute to the shape-shifting, molten T-100 terminator robot from the 'Terminator 2' film."

Submission + - Government to Release Hundreds of Documents on NSA Spying

Trailrunner7 writes: In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government’s secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the Foreign Intelligence Surveillance Court.

The decision by the Justice Department to release the documents is the second legal victory in recent weeks for the EFF related to the National Security Agency’s intelligence collection programs. In August, the group won the release of a 2011 FISC opinion that revealed that the court ruled that some of the NSA’s collection programs were illegal and unconstitutional. The newest decision will result in the release of hundreds of pages of documents related to the way the government has been interpreting Section 215, which is the measure upon which some of the NSA’s surveillance programs are based.

In a status report released Wednesday regarding the EFF’s suit against the Department of Justice, attorneys for the government said that they will release the documents by Sept. 10.

Submission + - WhatsApp Weakness 'Could Expose PayPal, Google Accounts'

twoheadedboy writes: WhatsApp, the popular messaging app, isn't doing SSL as securely as it could/should be, according to security researchers. When a user wants to pay for a licence on an Android device, an in-app browser appears to let the transaction go ahead. But the connection between the browser and the WhatsApp server isn't protected by SSL, even if the connection to the payment services is. That's bad, as it can let hackers carrying out man-in-the-middle attacks know when a WhatsApp user is connecting to a payment service, like PayPal and Google Wallet, as offered by WhatsApp, They can then serve up phishing pages to the user and steal their payment login details. "It's serious as it's a complete and utter failure of HTTPS," says security expert Troy Hunt.

Submission + - Aaron Swartz Case: Deja Vu All Over Again for MIT

theodp writes: On Saturday, questions for MIT's Aaron Swartz investigation were posted on Slashdot with the hope that MIT'ers might repost some to the MIT Swartz Review site. So it's good to see that MIT's Hal Abelson, who is leading the analysis of MIT's involvement in the matter, is apparently open to this workaround to the ban on questions from outsiders. In fact, on Sunday Abelson himself reposted an interesting question posed by Boston College Law School Prof. Sharon Beckman: 'What, if anything, did MIT learn from its involvement in the federal prosecution of its student David LaMacchia back in 1994?' Not much, it would appear. LaMacchia, an apparent student of Abelson's whose defense team included Beckman, was indicted in 1994 and charged with the 'piracy of an estimated million dollars' in business and entertainment computer software after MIT gave LaMacchia up to the FBI. LaMacchia eventually walked from the charges, thanks to what became known as the LaMacchia Loophole, which lawmakers took pains to close. 'MIT collaborated with the FBI to wreck LaMacchia's life,' defense attorney Harvey Silverglate charged in 1995 after a judge dismissed the case. 'I hope that this case causes a lot of introspection on the part of MIT's administration. Unfortunately, I doubt it will.'

Submission + - Barracuda Networks Confirms Exploitable Backdoors In Its Appliances (

Orome1 writes: "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances."

Submission + - Mistery solved: researchers explain why flu comes in the winter 1

ggrocca writes: Using human mucus as a testbed for how well influenza virus thrives in different humidity conditions, researchers at Virginia Tech found that the virus survived best if humidity is below 50%, a tipical indoor situation during the winter in temperate climates due to artificial heating. The virus begins to find itself at home again only when humidity reaches almost 100%. Unsurprisingly, the latter finding explains flu spikes during rainy season in tropical climates. Full paper on PLOS ONE:

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel