
Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked

pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.

Comcast & Time Warner merger died

andyring writes: According to Bloomberg News, the Time Warner/Comcast merger of raw evil is dead. Comcast plans as early as tomorrow to withdraw the merger proposal, "after regulators decided that the deal wouldn’t help consumers, making approval unlikely" according to the story.

Court overturns Dutch data retention law, privacy more important

wabrandsma writes: DutchNews.nl writes:
Internet providers no longer have to keep their clients' phone, internet and email details because privacy is more important, a Dutch court ruled on Wednesday.

Digital Rights organisation Bits of Freedom writes in a Blog:
The law’s underlying European directive was meant as a tool in the fight against serious crimes. The Dutch law, however, is much more expansive, including everything from terrorism to bike theft. During the hearing, the state’s attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft. The judge’s response: it doesn’t matter if you exploit the possibility or not, the fact that the possibility exists is already reason enough to conclude that the current safeguards are unsatisfactory.


Newly discovered sea creature was once the largest animal on Earth

sciencehabit writes: Almost half a billion years ago, the largest animal on Earth was a 2-meter-long, helmet-headed sea creature that fed on some of the ocean’s tiniest prey. The newly described species is one of the largest arthropods yet discovered, a class of animals that includes spiders and crabs. The well-preserved remains of the multisegmented creature are providing clues about how subsequent arthropods’ legs may have evolved from the dozens of stubby flaps used to propel this beast through the water.

Home Depot's credit cards may have been hacked

criticalmass24 writes: A massive batch of credit and debit card information that went on sale on a criminal Internet site Tuesday may be from Home Depot stores and could be linked to hackers previously responsible for breaches at Target and P.F. Chang’s, security experts say.

The credit card information was first offered up for sale Tuesday on an underground site that traffics in stolen financial information, security author Brian Krebs reported on his blog, Krebsonsecurity.com.


Comment: Re:Details? (Score 2)

I don't know if we ever will receive the precise details of this NSA operation, but I would still like to know:

1) How was the integrity of the shipping chain tainted? At which point did the NSA grab the devices, and who allowed them to do this?

2) What does this "spyware" do, and does this mean a modified system firmware or something else?

Most of that is covered in Greenwald's book, and also in the NSA documents that have been released. The specific physical interception point is not described, but the modified firmware is. Once the router goes into service it "phones home" periodically and allows NSA to send monitoring instructions.

Cisco complains to Obama about NSA adding spyware to routers

pdclarry writes: Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-US business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia.

AOL finally admits they were hacked

pdclarry writes: Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions.

Well, AOL has finally come clean. Apparently individuals unknown accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects "only" 2% of their members, but recommends that everyone change their passwords and security questions.

Comment: Re:Back when the Internet Mail Consortium was a th (Score 4, Informative)

The thing to do here is to fix the MLM software to use the correct additional headers, rather than rewriting the headers the DMARC policy feels are important; in addition, this would allow the DMARC policy to "whitelist" based on the attached headers, assuming everything else wasn't a black mark, and avoid the "greylisting" that would happen ordinarily with most SPAM filtering systems in "medium posture" rather than "low posture" (i.e. the ones that have the concept of "suspect email" as a middle ground).

I think you will find that most MLM software uses correct additional headers. At least listserv and mailman (for the lists that I manage) do. We've been playing nicely with ISPs for years on our lists, we create no spam (once we fixed the bounceback spam problem 3 years ago) and generally are among the more well-behaved email users around. The problem is that Yahoo's implementation of DMARC is not using the additional headers. All it looks at is From.

Comment: Re:Am I understanding this correctly? (Score 3, Insightful)

It's not blocking relayed mail in the usual sense. Most mailing lists use the original poster's email address as the FROM field so everyone on the list knows who posted the message. The SENDER field contains the actual list address. And that should match the sending server's IP address. So reverse DNS and SPF (and DKIM if enabled) will validate the SENDER as the list server software. The REPLY TO will be either the list or the original poster, depending on list policy. DMARC requires that the FROM field also match the sending server, and ignores SPF and DKIM.
