
Florida teen charged with felony hacking for using password teacher gave him

colinneagle writes: A 14-year-old middle school student in Holiday, Florida, was arrested this week and charged with "an offense against a computer system and unauthorized access," which is a felony. The student reportedly used an administrator password to log into a teacher's computer and change the background image to a photo of two men kissing.

The student also revealed his secrets after he was caught – the password was the teacher's last name, and the teacher had typed it in in full view of the students. The student said many other students used these administrators' passwords (their teachers' last names) so they can screen-share and video chat with other students.

The student was briefly held in a nearby detention center, and the county Sheriff warned that other teenagers caught doing the same thing will "face the same consequences."


Domain authority ICANN asks FTC to rule on .sucks concern as it lacks authority

DW100 writes: ICANN, the body in charge of overseeing the management and rollout of new top level domains such as .porn, .adult and .sucks, has asked the FTC to investigate whether the registry running .sucks is acting illegally, after concerns raised by ICANN's own in-house legal team that it is selling the domains to brand owners in a 'predatory' manner.

Watch DARPA Artificial Intelligence Search For Crime On The 'Dark Web'

An anonymous reader writes: The Memex technology, named after a mechanical mnemonic dreamt up just as the Second World War was coming to a close, has already been put to use by a number of law enforcement agencies, who are looking to counter crime taking place on networks like Tor, where Hidden Services are protected by the privacy-enhancing, encrypted hosting, often for good, often for bad. In its first year, the focus at Memex has been on tracking human trafficking, but the project’s scope stretches considerably wider.

Stupid Simple Security - a Chrome plugin for safer browsing

shmaybebaby writes: There's this free and open source searchable repository of web vulnerabilities across the entire Internet. It's called PunkSPIDER (http://punkspider.hyperiongray.com) and it's handy for looking up the websites you frequent to see if they have any egregious vulnerabilities that could compromise your privacy and identity. Here's a Slashdot article on PunkSPIDER from last year http://it.slashdot.org/story/1... — you can see from the comments that it was, uh, kind of controversial.

But turns out, it's not even close to being the WMD that people were afraid of (that's a "weapon of mass destruction," in case you were born after the year 2000) and is actually kind of useful, particularly for the security / hacker community. People have used it for penetration testing recon, for security research, for a quick check of their own website, or just for personal use. The thing is, unless you're a security researcher who keeps PunkSPIDER open in a tab in your browser, you probably won't remember to go there and check out a website to make sure it's safe before you give them your credit card info.

To make it more accessible to the average user, the team behind PunkSPIDER released a Chrome extension that sits in your nav bar and tells you if PunkSPIDER has found any vulnerabilities on the site you're on. If it does, you get a red x, if it doesn't, you get a green check. It's stupid simple and it's free.

Here's a link to dl the extension https://chrome.google.com/webs... and here's a demo video on how it works http://www.youtube.com/watch?v.... There are some other videos under the same account that you can watch if you want to know more about the PunkSPIDER project.

There are plans to release a Firefox plugin soon, too, which will be nice because it's arguably a more ubiquitous browser than Chrome. Still, I'm switching to Chrome now just for this extension.

Comment: Re:Sounds like Acunetix (Score 2)

Ask and you shall receive :-). I have more information on that than you'd probably like to know. The back-end is actually quite similar to the PunkSPIDER project's back-end and uses all of the same principles, most of the same open software as its base, and even reuses some of the code (in fact, once it's done I'll probably make the back-end of web 3.0 a part of PunkSPIDER 2.0 - free and open source of course). So with that said here's info on how PunkSPIDER was built, which should give you a solid start to how we're building the web 3.0 back-end:

(1) A link to the talk at ShmooCon on PunkSPIDER which gives more info than you'd ever want to know about the back-end: http://www.hyperiongray.com/shmoocon
(2) If you're in a rush you can read some basic stuff about it here: http://www.hyperiongray.com/node/18
(3) If you really want to get into it you can download PunkSCAN (the PunkSPIDER back-end) on bitbucket and take a look: https://bitbucket.org/punkspider/punkscan

And last but not least, if you want to know even more feel free to contact Hyperion Gray at punkspider@hyperiongray.com or follow me (Alejandro) at @DotSlashPunk on Twitter. Oh and thanks for the feedback on the buzzy name, it's meant to be a little over the top, but we'll keep your comment in mind!

Alex

Hackers Unveil A New Way of Visualizing Web Vulnerabilities at DEF CON 21

punk2176 writes: Hacker and security researcher Alejandro Caceres (developer of the PunkSPIDER project) and 3D UI developer Teal Rogers unveiled a new free and open source tool at DEF CON 21 that could change the way that users view the web and its vulnerabilities. The project is a visualization system that combines the principles of offensive security, 3D data visualization, and "big data" to allow users to understand the complex interconnections between websites. Using a highly distributed HBase back-end and a Hadoop-based vulnerability scanner and web crawler the project is meant to improve the average user's understanding of the unseen and potentially vulnerable underbelly of web applications that they own or use. The makers are calling this new method of visualization web 3.0.

A free demo can be found here, where users can play with and navigate an early version of the tool via a web interface. More details can be found here and interested users can opt-in to the mailing list and eventually the closed beta here.

Scientists Uncover First Hundred Thousand Years of Our Universe

An anonymous reader writes: In order to solve a mystery, you need to revisit the scene of the crime. In the case of the Big Bang, though, that's a little difficult. That's why scientists are using cosmic microwave background (CMB) radiation data to look back at the origins of our universe. Now, they've managed to get their furthest look back through time yet, catching a glimpse of the universe a mere 100 to 300,000 years after its birth.

Researcher (ab)uses Big Data tech for large-scale attacks

punk2176 writes: Security researcher Alejandro Caceres demonstrated techniques and released open source tools to attack large (e.g. country sized) beds of targets using "Big Data" technologies at this year's DEF CON 21 hacking conference. Caceres is best known for the controversial PunkSPIDER project, a project to vulnerability scan the entire Internet's websites and make them searchable by the general public.

The new techniques revolve around using an Apache Hadoop cluster and cloud technologies, such as Amazon's Elastic MapReduce, to conduct large, coordinated attacks. The researcher showed that by leveraging the MapReduce parallel programming concept, such techniques can be extremely effective. He demonstrated several use cases, including a coordinated, automated SQL injection attack that was able to steal system hashes at a rate of 1 target every .75 seconds, approximately 70 times faster than with conventional means. These techniques may allow a single attacker to conduct massive attacks against hundreds of thousands or even millions of targets, a task which would otherwise be too time-consuming, costly or complex for an attacker. More details on the talk can be found on the DEF CON website or at open source R&D organization Hyperion Gray's website.

Lon Snowden, former Coast Guard officer, is on the way to Moscow

Max_W writes: Lon Snowden, the father of Edward Snowden, gave an interview to Reuters: http://www.reuters.com/article/2013/08/07/us-usa-security-snowden-idUSBRE97617S20130807 He is also practically on the way to Russia, to visit his fugitive son. He has already applied for the Russian Federation entry visa.

Edward Snowden's deeds could be debatable, but I am absolutely fascinated by his father's courage. He is calm and absolutely fearless in trying to save his son. Is it a former Coast Guard character? As we know Coast Guard officers are facing grave danger on a daily basis. Or would anybody act like this in his place?

IBM Builds Programming Model For Brain-Like Computing

judgecorp writes: IBM is working on a programming model for cognitive applications, which it hopes will provide something like a high-level language for producing brain-like programs, enabling "anyone" to make cognitive applications, just as FORTRAN did for conventional computing. IBM plans to build a brain with 10 billion neurons (about one tenth the number in the human brain). The project surely wins Acronym of the Week: it's called SyNAPSE (Systems of Neuromorphic Adaptive Plastic Scalable Electronics).

Conflicting Views on the Science of Pain

ZahrGnosis writes: Popular Science, a stalwart of the scientific literature community, posted a couple of articles about pain research recently that are causing a bit of controversy. First, they posted an article titled Fetal Pain Is A Lie: How Phony Science Took Over The Abortion Debate that argues fetuses don't feel pain at 20 weeks due to a scientific consensus that the nervous system is underdeveloped at that point. Ironically, this argument has been used for years in a different setting: to claim that crustaceans don't feel pain (justifying among other things the live boiling of lobster). But PopSci also posted an article titled Crabs And Lobsters Probably Do Feel Pain, According To New Experiments. And now there's mild internet flaming going on. I know Slashdot doesn't venture into the abortion arena much, and I'm not trying to wade into political territory so much as understand the competing scientific commentaries (in so much as fetuses and lobster can be compared). But mostly I'm just curious what the Slashdot crowd thought.

NVIDIA open sources SHIELD's operating system

hypnosec writes: NVidia has now open-sourced the operating system that powers the gaming console to encourage its modification and further development. Powered by NVidia’s homegrown Tegra 4 processor, the console runs Android, which shouldn't surprise many as the company moves ahead with its open-sourcing intentions. The GPU company has said that the SHIELD is an ‘open gaming platform’ that allows for ‘an open ecosystem’ enabling developers to develop content as well as applications that take advantage of the underlying hardware and which can be enjoyed on bigger displays as well as mobile screens.

Stop fixing all security vulnerabilities.

PMcGovern writes: At BSidesLV in Las Vegas, Ed Bellis and Data Scientist Michael Roytman gave a talk explaining how security vulnerability statistics should be done. "Don't fix all security issues. Fix the security issues that matter, based on statistical relevance." They looked at 23,000,000 live vulnerabilities across 1,000,000 real assets, which belonged to 9,500 clients to explain their thesis.
