Submission + - This is How Russian Hackers Broke Into John Podesta's Gmail Account

An anonymous reader writes: A series of previously unpublished malicious Bitly links are the smoking gun that proves Russian hackers broke into the Gmail account of John Podesta, the Hillary campaign chair. The links also prove an undeniable connection between the leak of Podesta's emails on WikiLeaks and other leaks of hacked emails on "DCLeaks."

Submission + - Yahoo Wants to Know If FBI Ordered Yahoo to Scan Emails

Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users’ emails for specific terms last year and if so, to declassify the order.

The letter is the result of news reports earlier this month that detailed an order that the FBI allegedly served on Yahoo in 2015 in an apparent effort to find messages with a specific set of terms. The stories allege that Yahoo complied with the order and installed custom software to accomplish the task. Yahoo officials said at the time the Reuters story came out that there is no such scanning system on its network, but did not say that the scanning software never existed on the network at all.

“Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail. Your office, however, is well positioned to clarify this matter of public interest. Accordingly, we urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances,” the letter says.

Submission + - Recording Keystroke Sounds Over Skype to Steal Passwords

Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target’s PC, can record the acoustic emanations of a victim’s keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim’s machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it’s on.

Submission + - NSA Deputy Proposes Dedicated U.S. Cybersecurity Team

An anonymous reader writes: Curtis Dukes, the NSA Deputy National Manager for National Security Systems, has urged the government to rethink their cybersecurity strategy as a whole, and find a way to unite separate departments to create a cohesive security policy to combat cybercrime. Speaking at a public policy think tank, Dukes outlined the lack of inter-agency cooperation that he believes is endangering national security, observing that managing the response requirements of different departments involved in cybercrime creates a delay of days — or even up to a week — when responding to a cyberattack. “I am now firmly convinced that we need to rethink how we do cyber defense as a nation,” he said. “By the time we get that sorted we are at a disadvantage when it comes to an adversary and how they can attack us in that regard.”

Submission + - Oak Ridge National Laboratory turns CO2 to booze, er, I mean fuel

davidwr writes: The laboratory's process turns carbon dioxide into ethanol using common materials and nanotechnology. The laboratory press release is here, the paper is here.

The press release did not mention how much, if any, of the ethanol would be used for celebratory purposes.

Paper citation:

Song, Y., Peng, R., Hensley, D. K., Bonnesen, P. V., Liang, L., Wu, Z., Meyer, H. M., Chi, M., Ma, C., Sumpter, B. G. and Rondinone, A. J. (2016), High-Selectivity Electrochemical Conversion of CO2 to Ethanol using a Copper Nanoparticle/N-Doped Graphene Electrode. ChemistrySelect. doi:10.1002/slct.201601169

Submission + - FTC Shuts Down $9 Million Phone Fraud Ring

Trailrunner7 writes: The FTC has shut down a phone fraud scam that involved scammers calling consumers–mostly elderly and on fixed incomes–and pressuring them to invest in web sites that supposedly had ties to large companies, promising quick returns. The scheme allegedly netted the scammers more than $9 million.

The scheme involved six companies that the FTC alleges were owned and operated by three defendants, Susan Rodriguez, Matthew Rodriguez and William Whitley. The commission alleges that the defendants would call consumers unsolicited and try to convince them to hand over money for an investment in e-commerce sites that supposedly had links to large, legitimate sites such as Amazon.

“The details of the offer differ, but Defendants routinely describe it as an offer to purchase or invest in e-commerce websites, or websites that direct traffic to e-commerce websites such as Defendants’ telemarketers typically promise consumers that they will earn money based on sales at the e-commerce websites and/or traffic through their websites to the e-commerce websites. Defendants promise consumers substantial returns or income, such as hundreds or thousands of dollars every quarter,” the FTC complaint says.

Submission + - The Infowar Shaping the Election

Trailrunner7 writes: Depending upon your definition of the word, this presidential campaign cycle has included perhaps more surprises than any other in recent memory. Leaked videos, tax returns, and other data dumps have turned the 2016 campaign into the first to be defined by a modern information war.

And in today’s environment, whatever the imagination can conjure can be executed quickly and easily with a few keystrokes. Even Internet pioneer Al Gore likely couldn’t have envisioned today’s infowar campaigns. For decades, people have been leaking embarrassing information about political candidates to the media, but the leaks that we’re seeing published now are mostly enabled by the ubiquity of technology and the fundamental misunderstanding of some users of the way the Internet works and the permanence of data. Both Hillary Clinton and Donald Trump are now discovering that, like a weird uncle in town for the holidays, information has a way of hanging around and making life uncomfortable.

Submission + - Vera Bradley Reveals Data Breach at Retail Stores

Trailrunner7 writes: Vera Bradley, the maker of women’s handbags and accessories, said attackers compromised its payment processing system and were able to steal card data for customers who used cards in the company’s stores from the end of July through late September.

The data breach doesn’t affect cards that were used online and the company hasn’t specified how many users are affected yet. The incident apparently began on July 25 and ended on Sept. 23, and Vera Bradley said in a statement that it was alerted to the compromise by law enforcement on Sept. 15.

Submission + - Sen. Wyden, EFF Say Yahoo Email Order Must Be Released

Trailrunner7 writes: The secret order the Department of Justice served on Yahoo last year to get the company to scan incoming emails for specific terms should be declassified and made public under the terms of the USA Freedom Act, experts say.

Sometime in the early part of 2015, the Justice Department reportedly went to Yahoo officials with an order to search its users’ incoming email messages for certain words. Yahoo complied by building a custom piece of software that sat in the mail system and looked for the terms, which haven’t been made public. The revelations about the mail scanning program last week caused an uproar among security experts and civil liberties groups.

Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law.

“If the reports about the Yahoo order are accurate – including requiring the company to custom build new software to accomplish the scanning – it’s hard to imagine a better candidate for declassification and disclosure under Section 402,” Aaron Mackey of the EFF said.

Submission + - New Attack Invisibly Monitors Mac Video Calls

Trailrunner7 writes: Security researcher Patrick Wardle, who has developed techniques for bypassing the Gatekeeper defenses in OS X, has disclosed a new attack that can invisibly monitor Mac users' webcams and microphones.

Wardle’s technique for monitoring users’ video call sessions would not be visible to the victim, because it would kick in while a session was already in progress, so the webcam light already would be on.

“After examining various ‘webcam-aware’ OS X malware samples, the research will show a new ‘attack’ that would allow such malware to stealthily monitor the system for legitimate user-initiated video sessions, then surreptitiously piggyback into this in order to covertly record the session. As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection,” Wardle’s research abstract says.

Wardle also is releasing a new tool called OverSight that can detect this kind of attack and alert users.

Submission + - FBI: Skepticism of Government Hurts Cyber Investigations

Trailrunner7 writes: Although the FBI has improved its information security and forensics capabilities significantly in recent years, the bureau still is hamstrung by its inability to get complete cooperation from private companies and other organizations on attack data, the FBI’s deputy director said.

“It’s tougher in some places than others, and we understand that skepticism. We’ve not been perfect. We’ve had our own flaws in the past. We understand that folks are always skeptical of the government to some extent. We will only break through that with partnerships. We’re trying to be more responsive and agile in the information we disseminate and show we’re here to help. The next step is true collaboration,” Deputy Director Andrew McCabe said.

Recent events will not help the FBI in this regard. The revelation Tuesday that the FBI used a classified order last year to get Yahoo to scan massive amounts of incoming email for specific terms has caused an uproar in the security and privacy communities. Experts say the revelation could have serious repercussions for the company and the government.

Submission + - Whisper Systems Shows Why User Data Retention is Toxic

Trailrunner7 writes: The handful of companies that rule the Internet–Google, Amazon, Microsoft, etc.,–all sell products, whether they’re phones, books, or software. But they’re all essentially data analytics firms, ingesting and generating unfathomable amounts of information about their customers and their behavior and trying to predict what those customers might be interested in next. It’s a fine business, but it’s also one that courts danger. Not only will attackers come knocking, but so will law enforcement, and they will come bearing subpoenas and court orders.

The big web companies know this, of course, but they’ve built their businesses on monetizing data, so they don’t have a great way to unwind that. But some newer tech companies have gone in the opposite direction, deciding to keep as little user data as possible. Open Whisper Systems has given us the best example yet of this philosophy and how it can benefit the company as well as its users. Open Whisper Systems is the developer of the Signal encrypted messaging app and earlier this year the FBI served the company with a subpoena demanding all of the information OWS had on two separate phone numbers. One of the numbers turned out not to have a Signal account, but the other did, so OWS complied with the subpoena and gave the FBI everything it had on that number: the time the account was created and the last time it connected.

If the data isn’t there, no one can get to it. Not by compromising your network, and not with a subpoena. It’s a simple equation, but one that few organizations seem to be able to solve right now.

Submission + - Researchers Develop System to Send Passwords, Keys Through Users' Bodies

Trailrunner7 writes: Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies instead.

The human body is a good transmission mechanism for certain kinds of waves, and the UW researchers were looking for a way to take advantage of that fact to communicate authentication information from a user’s phone directly to a target device, such as a door knob or medical device. In order to make that idea a reality, they needed to develop a system that could be in direct contact with the user’s body, and could produce electromagnetic signals below 10 MHz. And to make the system usable for a mass audience, the team needed widely available hardware that could generate and transmit the signals.

So the researchers settled on the fingerprint sensor on iPhones and the touchpad on Lenovo laptops, as well as a fingerprint scanner and a touchpad from Adafruit. The concept is deceptively simple: generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit that through the user’s body to the target device. The signal can carry a typical password or even an encryption key, the researchers said.

Submission + - SPAM: Hack iOS 10, Get $1.5 Million

Trailrunner7 writes: The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10.

The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.

Submission + - Homeland Security Committee Chair Says Crypto Backdoors Would Hurt U.S. Economy

Trailrunner7 writes: Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled.

“The easy knee-jerk solution I thought was let’s just put a back door in everyone’s iPhone that law enforcement can access. Simple, makes sense,” McCaul said.

“Putting in a back door isn’t the solution. People don’t want the government to have access to their data. The government wasn’t asking Apple to put in codes to create a vulnerability that would kill their product. We think there’s a better way and a better solution to doing that.”

McCaul also said that pressure from the U.S. government to insert backdoors could drive tech companies to take their operations out of the country.

“I don’t see it as privacy versus security. I see it as security versus security,” he said. “I don’t want to weaken encryption and drive these companies offshore.”
