Follow Slashdot stories on Twitter


Forgot your password?

Cyberattack On German Steel Factory Causes 'Massive Damage' 202

Posted by Soulskill
from the social-engineering-is-the-bug-you-can't-fix dept.
An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.

Comment: Re:$32 million of greed. (Score 1) 169

by theskipper (#48640211) Attached to: Calculus Textbook Author James Stewart Has Died

Put it this way, before 1980, sure. But over the last 30 or so years it's been a different ballgame.

There were 100 baggers available by selling at the top of the internet bubble. Or buying MDVN 10 years ago or tucking away some AAPL in the dark days. And these opportunities aren't dying out; for example, the same scenario is playing again right now in immuno/gene therapy.

Expand that out to real estate, Forex, domain names or just about any other investment/speculative vehicle over that time and you're talking a massive # of individual opportunities that yielded multi-fold returns. Returns that could be parlayed into further opportunities.

So imo it's not unreasonable for someone to turn $1m into $30m over a 20 year span even with average discipline, intelligence and luck.


Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 170

Posted by timothy
from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

Comment: Re:$32 million of greed. (Score 2) 169

by theskipper (#48639513) Attached to: Calculus Textbook Author James Stewart Has Died

Most likely not. Based on a cursory look at Scholastic, McGraw-Hill and John Wiley, only the latter has returned close to a 10-bagger in the last 20 years. Of course the obvious stock in the book space is Amazon at 100x+.

But the point is that there have been tons of investment opportunities that yielded extraordinary returns over that period. Being "astute" means you get rewarded for great due diligence, mixed in with good timing and some luck. It's the same for everyone who takes risk by investing, he shouldn't be pilloried for success imo.


Staples: Breach May Have Affected 1.16 Million Customers' Cards 97

Posted by timothy
from the your-name-here dept.
mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Comment: Re:Check your math. (Score 1) 878

by theskipper (#48598157) Attached to: Apparent Islamic Terrorism Strikes Sydney

None? Is civil disobedience a crime? By its very nature it is. So lots of Christians have committed lots of crimes over the years in the name of their religion. Over issues like civil rights, gays, school prayer, to name a few.

Now the shooting of abortion providers in the name of Christianity is of course an actual indisputable crime. Only a few, but in fairness you did express the extremist view and say none.


Fraud Bots Cost Advertisers $6 Billion 190

Posted by samzenpus
from the wanting-a-human-click dept.
Rambo Tribble writes A new report claims that almost a quarter of the "clicks" registered by digital advertisements are, in fact, from robots created by cyber crime networks to siphon off advertising dollars. The scale and sophistication of the attacks which were discovered caught the investigators by surprise. As one said, "What no one was anticipating is that the bots are extremely effective of looking like a high value consumer."

New Destover Malware Signed By Stolen Sony Certificate 80

Posted by Soulskill
from the everything-but-the-kitchen-sink dept.
Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.
Open Source

Microsoft Introduces .NET Core 187

Posted by Soulskill
from the how-the-sausage-is-made dept.
New submitter I will be back writes: Microsoft's Immo Landwerth has provided more details on the open source .NET Core. Taking a page from the Mono cookbook, .NET Core was built to be modular with unified Base Class Library (BCL), so you can install only the necessary packages for Core and ship it with applications using NuGet. Thus, NuGet becomes a first-class citizen and the default tool to deliver .NET Core packages.

As a smaller and cross-platform subset of the .NET Framework, it will have its own update schedule, updating multiple times a year, while .NET will be updated once a year. At the release of .NET 4.6, Core will be a clear subset of the .NET Framework. With future iterations it will be ahead of the .NET Framework. "The .NET Core platform is a new .NET stack that is optimized for open source development and agile delivery on NuGet. We're working with the Mono community to make it great on Windows, Linux and Mac, and Microsoft will support it on all three platforms."

Comment: Re:Cheers for Mint (Score 5, Interesting) 89

by theskipper (#48497529) Attached to: Linux Mint 17.1 Cinnamon and MATE Editions Released

Cinnamon was the antidote to the dumbed-down interface craze for me. Switched to it a year ago and haven't looked back.

Nemo alone is worth the switch, it's a file manager that doesn't treat you like a child and "hide the knives" (and trees in the sidebar are intuitive to me, ymmv). Workspace management via panel, hotkeys or OSD all work well. The system menu is usable and makes sense. Applets are actually easy to install and manage. A couple clicks and sane scrollbars are back. And simple things out of the box like being able to resize a window without the idiocy of trying to hit a single pixel in the lower right corner reflects the productivity mindset it targets.

Maybe all this has been fixed in Unity/Gnome 3/etc. but I haven't paid attention and don't care at this point. Sure there's still bugs and features that need polishing but imho it's worth setting up a vm to test it out.


Mathematicians Study Effects of Gerrymandering On 2012 Election 413

Posted by samzenpus
from the fix-is-in dept. writes Gerrymandering is the practice of establishing a political advantage for a particular party by manipulating district boundaries to concentrate all your opponents' votes in a few districts while keeping your party's supporters as a majority in the remaining districts. For example, in North Carolina in 2012 Republicans ended up winning nine out of 13 congressional seats even though more North Carolinians voted for Democrats than Republicans statewide. Now Jessica Jones reports that researchers at Duke are studying the mathematical explanation for the discrepancy. Mathematicians Jonathan Mattingly and Christy Vaughn created a series of district maps using the same vote totals from 2012, but with different borders. Their work was governed by two principles of redistricting: a federal rule requires each district have roughly the same population and a state rule requires congressional districts to be compact. Using those principles as a guide, they created a mathematical algorithm to randomly redraw the boundaries of the state's 13 congressional districts. "We just used the actual vote counts from 2012 and just retabulated them under the different districtings," says Vaughn. "If someone voted for a particular candidate in the 2012 election and one of our redrawn maps assigned where they live to a new congressional district, we assumed that they would still vote for the same political party."

The results were startling. After re-running the election 100 times with a randomly drawn nonpartisan map each time, the average simulated election result was 7 or 8 U.S. House seats for the Democrats and 5 or 6 for Republicans. The maximum number of Republican seats that emerged from any of the simulations was eight. The actual outcome of the election — four Democratic representatives and nine Republicans – did not occur in any of the simulations. "If we really want our elections to reflect the will of the people, then I think we have to put in safeguards to protect our democracy so redistrictings don't end up so biased that they essentially fix the elections before they get started," says Mattingly. But North Carolina State Senator Bob Rucho is unimpressed. "I'm saying these maps aren't gerrymandered," says Rucho. "It was a matter of what the candidates actually was able to tell the voters and if the voters agreed with them. Why would you call that uncompetitive?"

Sony Pictures Computer Sytems Shut Down After Ransomware Hack 155

Posted by Soulskill
from the try-long-enough-and-you-find-a-soft-target dept.
MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

Line Printer paper is strongest at the perforations.