
+ - Tribler Makes BitTorrent Completely Anonymous and Impossible to Compromise->

Submitted by giulioprisco
giulioprisco (2448064) writes "A group of researchers from the Delft University of Technology are about to do something never done before: make BitTorrent completely anonymous and impossible to shut down. Utilizing a dedicated Tor-like network, Tribler allows users to search and download torrents without risking any of their personal information or being tracked down, the researchers claim. Prior to The Pirate Bay being taken down, the creator Peter Sunde mentioned that he wished it would have died quicker so others could improve and innovate the technology. It looks like Sunde got his wish after all."
Link to Original Source

+ - FBI confirms open investigation into Gamergate->

Submitted by v3rgEz
v3rgEz (125380) writes "In a terse form letter responding to a FOIA request, the FBI has confirmed it has an open investigation into Gamergate, the loose but controversial coalition of gamers calling for ethics in gaming journalism — even as some members have harassed and sent death threats to female gaming developers and critics"
Link to Original Source

+ - Researchers discover SS7 flaw, allowing total access to ANY cell phone anywhere.->

Submitted by krakman
krakman (1121803) writes "Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging Chancellor Merkel's phone earlier.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

Another result of Security being thought of after the fact, as opposed to part of the initial design."

Link to Original Source

+ - Satellite captures glowing plants from space->

Submitted by sciencehabit
sciencehabit (1205606) writes "About 1% of the light that strikes plants is re-emitted as a faint, fluorescent glow—a measure of photosynthetic activity. Today, scientists released a map of this glow as measured by the Orbiting Carbon Observatory-2, a NASA satellite launched in July with the goal of mapping the net amount of carbon in the atmosphere. The map reveals that tropical rainforests near the equator are actively sucking up carbon, while the Corn Belt in the eastern United States, near the end of its growing season, is also a sink. Higher resolution fluorescence mapping could one day be used to help assess crop yields and how they respond to drought and heat in a changing climate."
Link to Original Source

+ - ICANN Hacked Including Root DNS Systems->

Submitted by schwit1
schwit1 (797399) writes "Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages, and then typed their usernames and passwords into a bogus webpage, providing hackers with the keys to their accounts.

“The attack resulted in the compromise of the email credentials of several ICANN staff members,” the announcement reads, noting that the attack happened in late November and was discovered a week later.

With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog."

Link to Original Source

+ - Apple 'failing to protect Chinese factory workers'

Submitted by mrspoonsi
mrspoonsi (2955715) writes "Poor treatment of workers in Chinese factories which make Apple products has been discovered by an undercover BBC Panorama investigation. Filming on an iPhone 6 production line showed Apple's promises to protect workers were routinely broken. It found standards on workers' hours, ID cards, dormitories, work meetings and juvenile workers were being breached at the Pegatron factories. Apple said it strongly disagreed with the programme's conclusions. Exhausted workers were filmed falling asleep on their 12-hour shifts at the Pegatron factories on the outskirts of Shanghai. One undercover reporter, working in a factory making parts for Apple computers, had to work 18 days in a row despite repeated requests for a day off. Another reporter, whose longest shift was 16 hours, said: "Every time I got back to the dormitories, I wouldn't want to move. Even if I was hungry I wouldn't want to get up to eat. I just wanted to lie down and rest. I was unable to sleep at night because of the stress.""

+ - Critical Git security vulnerability announced

Submitted by Anonymous Coward
An anonymous reader writes "GitHub has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client.""

+ - Marissa Mayer's reinvention of Yahoo! stumbles

Submitted by schnell
schnell (163007) writes "The New York Times Magazine has an in-depth profile of Marissa Mayer's time at the helm of Yahoo!, detailing her bold plans to reinvent the company and spark a Jobs-ian turnaround through building great new products. But some investors are saying that her product focus (to the point of micromanaging) hasn't generated results, and that the company should give up on trying to create the next iPod, merge with AOL to cut costs and focus on the unglamorous core business that it has. Is it time for Yahoo! to "grow up" and set its sights lower?"

+ - Ars reviews Skype Translator

Submitted by Esra Erimez
Esra Erimez (3732785) writes "Peter Bright doesn't speak a word of Spanish but with Skype Translator he was able to have a spoken conversation with a Spanish speaker as if he was in an episode of Star Trek. He spoke English. A moment later, an English language transcription would appear, along with a Spanish translation. Then a Spanish voice would read that translation."

+ - Extracting Data from the Microsoft Data->

Submitted by Anonymous Coward
An anonymous reader writes "The Microsoft Band introduced last month hosts a slew of amazing sensors, but like so many wearable computing devices, users are unable to access their own data. A Brown University professor decompiles the app, finds that the data is transmitted to the Microsoft "cloud", and explains how to intercept the traffic to retrieve the raw minute-by-minute data captured by the Band."
Link to Original Source

+ - Grinch Vulnerability Could Put a Hole In Your Linux Stocking->

Submitted by itwbennett
itwbennett (1594911) writes "In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September."
Link to Original Source

+ - Hackers Compromise ICANN, Access Zone File Data System

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names.

The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite a bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers.

ICANN officials said they are notifying any users whose zone data might have been compromised."

+ - Steam adding PC games region locking.->

Submitted by will_die
will_die (586523) writes "Because of the recent currency devaluation Steam has now added region locking for games sold in Russia and CIS. Brazil and local area and Indonesia and local area are also being locked.
Where the locking affects you is if you purchase a game from one of those regions you cannot gift it to someone outside of the area. So someone from Russia can gift a game to someone in Georgia but not to someone in the USA.
You want to see the prices in the Russia store and compare them to the Steam Christmas Sale which should be starting in a few hours."

Link to Original Source

+ - Coolpad's backdoor installs apps and tracks customers without their knowledge->

Submitted by SternisheFan
SternisheFan (2529412) writes "(from ComputerWorld)

Chinese smartphone maker Coolpad has built an extensive "backdoor" into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.

In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed "CoolReaper."

"Coolpad has built a backdoor that goes beyond the usual data collection," said Ryan Olson, director of intelligence at Palo Alto's Unit 42. "This is way beyond what one malicious insider could have done."

Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China's largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People's Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.

Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.

Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.

Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware's command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad's backend control system. The console confirmed CoolReaper's functionality.

CoolReaper has a host of components that allow Coolpad to download updates and apps to devices, start services and uninstall apps, dial phone numbers and send texts, and more — all without user knowledge, much less authorization.

So far, the backdoor has been used to serve up unsolicited ads and install apps without user approval, said Olson, who speculated that both were being done for financial reasons. Coolpad may be getting a per-app-install fee, for example."

Link to Original Source
