
Submission + - Report: Watch Dogs Game May Have Influenced Highway Sign Hacking

An anonymous reader writes: Earlier this month, at least three US states reported that a hacker had broken into electronic road signs above major highways, with the hacker leaving messages for people to follow him on Twitter. The Multi-State Information Sharing and Analysis Center (MS-ISAC) produced an intelligence report blaming a Saudi Arabian hacker that the organization says likely got the idea from Watch Dogs, a new video game in which game play revolves around ‘hacking,’ with a focus on hacking critical infrastructure-based electronic devices in particular. "Watch Dogs allows players to hack electronic road signs, closed-circuit television cameras (CCTVs), street lights, cell phones and other systems. On May 27, 2014, the malicious actor posted an image of the game on his Twitter feed, demonstrating his interest in the game, and the compromise of road signs occurs during game play. CIS believes it is likely that a small percentage of Watch Dog players will experiment with compromising computers and electronic systems outside of game play, and that this activity will likely affect SSLT [state, local, tribal and territorial] government systems and Department of Transportation (DOT) systems in particular." Never mind that, as the report notes, the hacker likely broke in because the signs allowed telnet and were secured with weak or default passwords. The report came out on the same day that the Homeland Security Department cautioned transportation operators about a security hole in some electronic freeway billboards that could let hackers display bogus warnings to drivers.

Submission + - Guy DDoS's his old boss and gets caught

An anonymous reader writes: Brian Krebs writes about a story about a hacker who gets caught doing DDoS attacks against his former employer. He ends up learning the hard way what NOT to do when launching DDoS attacks using Booter services.

Submission + - Dozens suspended in Harvard University cheat scandal

johnsnails writes: AROUND 60 students at Harvard University have been suspended and others disciplined in a mass cheating scandal at the elite college, the campus newspaper reports.

The Harvard Crimson quoted an email from Faculty of Arts and Sciences dean Michael Smith that said more than half of the cases heard by administrators in the scandal, which erupted last year, had resulted in suspension orders.

Submission + - $50,000 Zero-Day Exploit Smashes Adobe Reader Sandbox

tsu doh nimh writes: Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground, writes. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because – beginning with Reader X – Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims.

Submission + - FTC: Data broker Spokeo to pay $800,000 for selling personal data to employers

coondoggie writes: "The Federal Trade Commission today said data broker Spokeo will pay $800,000 to settle FTC charges it sold personal information it gathered from social media and other Internet-based sites to employers and job recruiters without taking steps to protect consumers required under the Fair Credit Reporting Act."

Submission + - Google to Warn of DNSChanger Infections

tsu doh nimh writes: Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens to quarantine the sick computers from the rest of the Internet. The company said the warning will appear only when a user with an infected system visits a Google search results property (,, etc.), and will include the message, “Your computer appears to be infected.” Google security engineer Damian Menscher said the company expects to notify approximately a half-million users in the first week of the notices.

Submission + - Report Highlights 10 Sites Unfairly Blocked by UK Mobile Internet Censorship

Mark.JUK writes: "The Open Rights Group (ORG), which works to raise awareness of digital rights and civil liberties issues, has published a new report that examines the impact of internet censorship on UK mobile networks and lists an example of 10 legitimate websites that often get unfairly blocked by adult content filters (over-blocking). The study is important because similar measures could soon be forced upon fixed line broadband ISP subscribers by the government. Some of the allegedly unfair blocks include censorship of the 'Tor' system, a privacy tool used by activists and campaigners across the globe, and the website of French ‘digital rights’ advocacy group 'La Quadrature du Net'."

Submission + - Serious Remote PHP Bug Accidentally Disclosed

Trailrunner7 writes: A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag contest and then subsequently reported it to the PHP Group. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday.

The vulnerability is a simple one but it has serious consequences. Essentially, the researchers found that when they passed a specific query string that contained the -s command to PHP in a CGI setup, PHP would interpret the -s as the command line argument and result in the disclosure of the source code for the application. They extended their testing and found they could pass whatever command-line arguments they wanted to the PHP binary.


Submission + - OpenX to Patch CSRF Flaw Used to Serve Rogue Ads

tsu doh nimh writes: Online ad software solution provider OpenX says it will release a security update next week to fix a security vulnerability that miscreants have been using to run malware-tainted ads on sites served by OpenX software. The disclosure comes after a flurry of media attention and blog posts about OpenX users complaining of finding strange new administrator accounts added to their installations. In an interview with yesterday, the company confirmed that a cross-site request forgery (CSRF) flaw was to blame, but officials there have not said whether their internal systems may have played a part in the attacks. OpenX posted some mitigation instructions on its blog, pending the release of a patch.

Submission + - News Corp: 14,000 executive emails blown open

DMandPenfold writes: Some 14,400 News Corp emails have been published by an Australian newspaper as a storm grows around Rupert Murdoch's company and a former unit's alleged involvement in hacking the smart codes of pay TV rival ONdigital.

The email cache, published online by the Australian Financial Review, could cause issues for Cisco, the networking company that bought NDS, once a News Corp subsidiary, for £3.2 billion two weeks ago.

Allegations have been raised that NDS security head Ray Adams – a former commander in the Metropolitan Police – paid a hacker to access the smart codes of ONdigital, an ITV-owned rival that later collapsed after mass counterfeiting of TV access cards. The messages, purportedly from an NDS unit hard drive, apparently show the unit discussing a pay-TV rival being "totally hacked" by pirates.

The emails also raise questions on News Corp's disputes with pay TV rivals in other geographical areas, including the US and Australasia, it has been reported. The newspaper claimed that NDS's activities in Australia in 1999 caused huge financial damage to News Corp's competitors there.

NDS has not commented. News Corp, its former parent before the Cisco acquisition, said it was "proud to have worked with NDS, whose industry-leading technology has transformed TV viewing for millions of people across the world, and to have supported them in their aggressive fight against piracy and copyright infringement".

In one email, NDS employees appear to discuss the fact that a European pay-TV company was "totally hacked", at a time that News Corp was interested in buying a stake in that company, the FT noted. The email sender writes whether NDS should "start to protect" the encryption method used by the company "while leaving the main...platform compromised", given News Corp's buying interest.

NDS said after a BBC Panorama expose on Monday that it has always operated legally. It added: "These allegations were the subject of a long-running court case in the United States. This concluded with NDS being totally vindicated and its accuser having to pay almost $19m in costs – a point that the BBC neglected to include."

Adams has denied handling encryption codes.

In a statement, Cisco said: "The allegations made by the BBC's Panorama predate Cisco's involvement with NDS by more than 10 years. Given that we remain separate companies, it would be inappropriate for Cisco to comment further." The acquisition is set to close later this year.

Submission + - Site Aims to be Google of the Underweb

tsu doh nimh writes: A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools. From the story: "A glut of data breaches and stolen card numbers has spawned dozens of stores that sell the information. The trouble is that each shop requires users to create accounts and sign in before they can search for cards. Enter MegaSearch, which lets potential buyers discover which fraud shops hold the cards they're looking for without having to first create accounts at each store."

Submission + - CERN to announce Higgs boson observation at LHC

MrSeb writes: "Tomorrow, at 9am EST, scientists at the Large Hadron Collider (LHC) at CERN in Switzerland are expected to announce, with fairly strong certainty, that they have observed the Higgs boson “God” particle at a mass-energy of 125 GeV. For just over a week, rumors have been rife that observations with 2.5 to 3.5 sigma certainty (96% to 99.9%) have been made. For it to be declared an actual discovery, however, a sigma level of five has to be recorded. A score on the higher end of the range, towards 3.5, would definitely have particle physicists, engineers, scientists, and philosophers jumping around excitedly, though. If the Higgs boson has been observed, its mass of 125GeV will probably prove to be the most interesting factor. 125 GeV wouldn't require the complete rewriting of the Standard Model of particle physics, but it would be interesting enough to fuel some very cool theories."

Submission + - Former Antivirus Researcher Turns on Industry

tsu doh nimh writes: 18-year-old Peter Kleissner, a former anti-virus industry employee who was recently dismissed from his job for publishing a rootkit has lashed back, with a site called, which aims to keep tabs on the different automated analysis services used by the security industry, such as Virustotal, ThreatExpert, and Norman Sandbox, The Washington Post reports. "Armed with up-to-date information about these automated scanning services, malware writers could instruct their creations to quit loading or destroy themselves if they detect they are being downloaded by one of these services, the site's founder said." Antivirus vendor Kaspersky accused Kleissner of being a black hat who is in league with a notorious malware gang, and of threatening security vendors with distributed denial of service (DDoS) attacks. Other security vendors are waiting to see whether malware writers pay the service any mind. Meanwhile, Kleissner remains defiant: "I won't make a difference between black hats and AV companies. To me it's not good or bad, it's just technology."

Submission + - SPAM: FBI: National data-breach law would hit cybercrime

alphadogg writes: A U.S. law that would require businesses to report data breaches to potential victims could help law enforcement agencies fight the growth of cybercrime, a U.S. Federal Bureau of Investigation official said Wednesday. If U.S. businesses were required to share information about their data breaches, law enforcement agencies could link those attacks to others and potentially stop similar attacks at other organizations, said Jeffrey Troy, chief of the FBI's Cyber Criminal Section. Companies need to think beyond their walls when dealing with cybersecurity issues, Troy said. "They have to recognize that the Internet has become a global platform for commerce," he said. "The people that are stealing information from you ... are going after the money."