Follow Slashdot stories on Twitter


Forgot your password?

Submission Summary: 0 pending, 21 declined, 12 accepted (33 total, 36.36% accepted)

Submission + - Smart Grid Meter Homegrown Security Protocol Crushed By Researchers

plover writes: According to this article in ThreatPost,

Two researchers, Phillip Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, published a paper exposing encryption weaknesses in the protocol.

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks—the paper posits a handful—that can be pulled off with minimal computational effort. Specifically under fire is a homegrown message authentication code called OMA Digest.

Submission + - Supervalu Becomes Another Hacking Victim (

plover writes: Supervalu (NYSE:SVU) is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores.

The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company.

The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.

Submission + - Smithsonian Releasing 3D Models of Artifacts

plover writes: The Seattle Times reports "the Smithsonian Institution is launching a new 3D scanning and printing initiative to make more of its massive collection accessible to schools, researchers and the public worldwide. A small team has begun creating 3D models of some key objects representing the breadth of the collection at the world's largest museum complex. Some of the first 3D scans include the Wright brothers' first airplane, Amelia Earhart's flight suit, casts of President Abraham Lincoln's face during the Civil War and a Revolutionary War gunboat. Less familiar objects include a former slave's horn, a missionary's gun from the 1800s and a woolly mammoth fossil from the Ice Age. They are pieces of history some people may hear about but rarely see or touch."

So far they have posted 20 models on the site, with the promise of much more to come.

Submission + - Why iFingerprinting Makes You Legally Unsafe (

plover writes: Mark Rasch, an attorney specializing in privacy and security law, has taken a look at using the iPhone's fingerprint access to protect your privacy. He believes that you can sometimes be compelled by a court to provide your password to unlock an encrypted file, depending on the circumstances. But you can always be compelled to provide your fingerprints, and that the Supreme Court has repeatedly affirmed there is no Fifth Amendment protection against it. That means if you lock your phone with only a fingerprint, the government will almost certainly be able to compel you to unlock it. If you lock it with a passcode, there's a chance you can refuse to provide it under the Fifth Amendment.

The new iPhone 5s’s biometric fingerprint scanner can actually put consumers (or merchants, for that matter) in a worse position legally than the previous four-digit PIN. In fact, the biometric can open the contents of a consumer’s phone and any linked payment systems, accounts or systems—including contacts, email and documents—less legally protected than the simple passcode. This is because the law may treat the biometric (something you are) differently from a password (something you know).


Submission + - FinSpy Commercial Spyware Abused By Governments

plover writes: The NY Times has this story about FinSpy, a commercial spyware package sold "only for law enforcement purposes" being used by governments to spy on dissidents, journalists, and others, and how two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world.
The Military

Submission + - Iran Admits Stuxnet Impacted Their Nuclear Program (

plover writes: According to this article in the Guardian,

Ahmadinejad admitted the worm had affected Iran's uranium enrichment. "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," the president said. "They did a bad thing. Fortunately our experts discovered that, and today they are not able [to do that] anymore."

Submission + - Ars Technica Forums Abused by Phishers

plover writes: Some Ars Technica members received phishing attempts purporting to be from SunTrust this morning. Here's the posting on the Ars forum explaining what happened.

It seems that many users received phishing attempts to Ars only email addresses this morning. We're working on it and will update this post when we find something out.

We believe that our previous forum provider has some exploit that allows people to send messages to private email addresses through their servers. Every report we've seen has originated at one of their web front ends. If we are correct, your email addresses have not been compromised. It's obviously pretty bad to be getting phishing attempts forwarded through someone else, but not quite as bad as if an email DB had been jacked or something.

We have emails out to them. There's a chance we won't hear back for a couple of hours since they're on pacific time, but we're doing what we can.

That's got to be one stupid phisherman to try phishing from the members of Ars Technica.

Submission + - US Admits Most Piracy Estimates Are Bogus

plover writes: According to this article on Ars Technica, the GAO admitted that the estimates of the impact of piracy have no basis in fact.

After examining all the data and consulting with numerous experts inside and outside of government, the Government Accountability Office concluded that it is "difficult, if not impossible, to quantify the economy-wide impacts."


Submission + - Senate Votes to Replace Aviation Radar With GPS ( 1

plover writes: The U.S. Senate today passed by a 93-0 margin a bill that would implement the FAA's NextGen plan to replace aviation radar with GPS units. It will help pay for the upgrade by increasing aviation fuel taxes on private aircraft. It will require two inspections per year on foreign repair stations that work on U.S. planes. And it will ban pilots from using personal electronics in the cockpit. This just needs to be reconciled with the House version and is expected to soon become law. This was discussed on Slashdot a few years ago.

Submission + - Do your developers have local admin rights? 6

plover writes: I work as a developer for a Very Large American Corporation. We are not an IT company, but have a large IT organization that does a lot of internal development. In my area, we do Windows development, which includes writing and maintaining code for various services and executables. A few years ago the Info Security group removed local administrator rights from most accounts and machines, but our area was granted exceptions for developers. My question is: do other developers in other large companies have local admin rights to their development environment? If not, how do you handle tasks like debugging, testing installations, or installing updated development tools that aren't a part of the standard corporate workstation?

Submission + - Wal-mart Hacked in 2006, Details in Wired

plover writes: Kim Zetter of Wired documents an extensive hack of Wal-Mart that took place in 2005-2006. She goes into great detail about the investigation and what the investigators found, including that the hackers made copies of their point-of-sale source code, and that they ran l0phtCrack on a Wal-Mart server.

Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart’s initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.

Wal-mart has long since fixed the flaws that allowed the compromise, and confirmed that no customer data was lost in the hack.

To downgrade the human mind is bad theology. - C. K. Chesterton