Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Operating Systems

Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host (itnews.com.au) 9

Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"
Crime

Cisco Finds $34 Million Ransomware Industry (networkworld.com) 9

Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor.
United States

The Chip Card Transition In the US Has Been a Disaster (qz.com) 237

Ian Kar, writing for Quartz: Over the last year or so in the U.S., a lot of the plastic credit cards we carry around every day have been replaced by new one with chips embedded in them. The chips are supposed to make your credit and debit cards more secure -- a good thing! -- but there's one little secret no one wants to admit: The U.S.'s transition to chip cards has been an utter disaster. They're confusing to use, painstakingly slow, less secure than the alternatives, and aren't even the best solution for consumers. If you've shopped in a store and used a credit card, you've noticed the change. Retailers have likely asked you to insert the chip into the card reader, instead of swiping. But reading the chip seems to take much longer than just swiping. And on top of that, even though many retailers now have chip reading machines, some of them ask us just the opposite -- they say not to insert the card, and just swipe. It seems like there's no rhyme or reason to the whole thing.
The Military

Russia's Rise To Cyberwar Superpower (dailydot.com) 40

"The Russians are top notch," says Chris Finan, an ex-director at DARPA for cyberwar research, now a CEO at security firm Manifold Technology, and a former director of cybersecurity legislation in the Obama administration. "They are some of the best in the world... " Slashdot reader blottsie quotes an article which argues the DNC hack "may simply be the icing on the cyberwar cake": In a flurry of action over the last decade, Russia has established itself as one of the world's great and most active cyber powers. The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee... The evidence -- plainly not definitive but clearly substantial -- has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have "high confidence" that Russia is behind the attack...

Beyond the forensic evidence that points to Russia, however, is the specter of President Vladimir Putin. Feeling encircled by the West and its expanding NATO alliance, the Kremlin's expected modus operandi is to strike across borders with cyberwar and other means to send strong messages to other nations that are a real or perceived threat.

The article notes the massive denial of service attack against Estonia in 2007 and the "historic and precedent-setting" cyberattacks during the Russian-Georgian War. "Hackers took out Georgian news and government websites exactly in locales where the Russian military attacked, cutting out a key communication mode between the Georgian state and citizens directly in the path of the fight."
Stats

Uber Doesn't Decrease Drunk Driving, Finds New Study (washingtonpost.com) 49

"A new study casts doubt on Uber's claim that ride-sharing has reduced drunken driving," reports the Washington Post. An anonymous Slashdot reader quotes their report: Researchers at Oxford University and the University of Southern California who examined county-level data in the United States before and after the arrival of Uber and its competitors in those markets found that ride-sharing had no effect on drinking-related or holiday- and weekend-related fatalities. One reason could be that, despite the soaring popularity of Uber and other ride-sharing services, there still may not be enough ride-share drivers available yet to make a dent on drunken driving, the authors said.

They also suggest that the tipsy riders who now call Uber are the ones who formerly would have called a taxi. For others, the odds of getting a DUI are still so low that many would prefer to gamble rather than lay out money for a ride-sharing service. Drunks, after all, are just not rational.

One reason for the low number of Uber drivers may be that the 10-year study only examined data through 2014. While other studies have found a decrease in drunk driving arrests associated with Uber -- for example, in California -- the Post's article suggests that ridesharing drivers may just be a drop in the bucket. "Although approximately 450,000 people now drive for Uber, there are 210 million licensed drivers in the United States -- and an estimated 4.2 million adults who drive impaired, the study says."
Security

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com) 135

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."
Earth

World's Largest Solar Power Plant Planned For Chernobyl Nuclear Wasteland (electrek.co) 101

An anonymous reader writes from a report via Electrek: Chernobyl, the world's most famous and hazardous nuclear meltdown, is being considered for the world's largest solar power plant. Even though nearly 1,600 square miles of land around Chernobyl has radiation levels too high for human health, Ukraine's ecology minister has said in a recent interview that two U.S. investment firms and four Canadian energy companies have expressed interest in Chernobyl's solar potential. Electrek reports: "According to PVTech, the Ukrainian government is pushing for a 6 month construction cycle. Deploying this amount of solar power within such a time frame would involve significant resources being deployed. The proposed 1GW solar plant, if built today, would be the world's largest. There are several plans for 1GW solar plants in development (Egypt, India, UAE, China, etc) -- but none of them have been completed yet. One financial benefit of the site is that transmission lines for Chernobyl's 4GW nuclear reactor are still in place. The European Bank for Reconstruction and Development has stated they would be interested in participating in the project, 'so long as there are viable investment proposals and all other environmental matters and risks can be addressed to the bank's satisfaction.'"
NASA

Class of Large But Very Dim Galaxies Discovered (nature.com) 69

schwit1 writes from a report via Nature: Astronomers have now detected and measured a new class of large but very dim galaxy that previously was not expected to exist. Nature reports: "'[Ultradiffuse]' galaxies came to attention only last year, after Pieter van Dokkum of Yale University in New Haven, Connecticut, and Roberto Abraham of the University of Toronto in Canada built an array of sensitive telephoto lenses named Dragonfly. The astronomers and their colleagues observed the Coma galaxy cluster 101 megaparsecs (330 million light years) away and detected 47 faint smudges. 'They can't be real,' van Dokkum recalls thinking when he first saw the galaxies on his laptop computer. But their distribution in space matched that of the cluster's other galaxies, indicating that they were true members. Since then, hundreds more of these galaxies have turned up in the Coma cluster and elsewhere. Ultradiffuse galaxies are large like the Milky Way -- which is much bigger than most -- but they glow as dimly as mere dwarf galaxies. It's as though a city as big as London emitted as little light as Kalamazoo, Michigan." More significantly, they have now found that these dim galaxies can be as big and as massive as the biggest bright galaxies, suggesting that there are a lot more stars and mass hidden out there and unseen than anyone had previously predicted.
Power

A Look Inside Tesla's $5 Billion Gigafactory (cnet.com) 49

An anonymous reader quotes a report from CNET: A joint effort between Tesla and Panasonic, the Gigafactory is a $5 billion project that will create the world's premier battery manufacturing facility. The Gigafactory will not only be physically larger than any other cell-packing plant on the planet, it'll produce more batteries than the entire industry did back in 2013. That's a lot of batteries, enough to meet Tesla's 500,000-per-year manufacturing goals -- and potentially even more. When completed, the factory will cover five million square feet of the desert floor just outside of Reno, Nevada. Right now, the uncompleted but already-operational factory sits on 800,000 square feet. Over the next four years the building will grow and grow again, swelling to its full size while production dials up simultaneously. The roof will be covered in solar panels, with the goal of producing enough electricity to power the entire thing. Tesla is already assembling Powerwall units here, but the first Model 3 battery packs are expected to roll off the line by the middle of next year. From there, Tesla will have to scale quickly to meet the company's Model 3 production goals for 2018. And, once the company does, the cost savings will begin. The "Tesla Gigafactory Tour" video can also be viewed on YouTube via Roadshow.
Advertising

Malvertising Campaign Infected Thousands of Users Per Day For More Than a Year (softpedia.com) 103

An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.
Communications

Snowden Questions WikiLeaks' Methods of Releasing Leaks (pcworld.com) 136

An anonymous reader quotes a report from PCWorld: Former U.S. National Security Agency contractor, Edward Snowden, has censured WikiLeaks' release of information without proper curation. On Thursday, Snowden, who has embarrassed the U.S. government with revelations of widespread NSA surveillance, said that WikiLeaks was mistaken in not at least modestly curating the information it releases. "Democratizing information has never been more vital, and @Wikileaks has helped. But their hostility to even modest curation is a mistake," Snowden said in a tweet. WikiLeaks shot back at Snowden that "opportunism won't earn you a pardon from Clinton [and] curation is not censorship of ruling party cash flows." The whistleblowing site appeared to defend itself earlier on Thursday while referring to its "accuracy policy." In a Twitter message it said that it does "not tamper with the evidentiary value of important historical archives." WikiLeaks released nearly 20,000 previously unseen DNC emails last week, which suggest that committee officials had favored Clinton over her rival Senator Bernie Sanders. The most recent leak consists of 29 voicemails from DNC officials.
Democrats

Clinton Campaign Breached By Hackers 217

An anonymous reader writes: Hillary Clinton's campaign network was breached by hackers targeting several large Democratic organizations, Reuters reports. Clinton's campaign spokesperson Nick Merrill confirmed the hack in a statement. 'An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack. Our campaign computer system has been under review by outside security experts. To date, they have found no evidence that our internal systems have been compromised,' he said.

The hack follows on the heels of breaches at the Democratic National Committee and at the Democratic Congressional Campaign Committee earlier this year. More than 19,000 emails from DNC officials were published on WikiLeaks just prior to the Democratic National Convention, casting a shadow over the proceedings. Some security experts and U.S. officials have attributed the breaches to Russian operatives, although the origin of the email leak is less certain.
Microsoft

Court Ruling Shows The Internet Does Have Borders After All (csoonline.com) 44

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
Security

SwiftKey Bug Leaked Email Addresses, Phone Numbers To Strangers (theverge.com) 28

An anonymous reader writes: After many users reported receiving predictions meant for other users, such as email addresses and phone numbers, SwiftKey has suspended part of its service. The service responsible for the bug was SwiftKey's cloud sync service. The Verge reports that one user, an English speaker, was getting someone else's German suggestions, while someone received NSFW porn search suggestions. The Telegraph also reports, "One SwiftKey user, who works in the legal profession and ask to remain anonymous, found out their details had been compromised when a stranger emailed them to say that a brand new phone had suggested their email address when logging into an account online. 'A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new,' said the user." SwiftKey released an official statement today about the issue but said that it "did not pose a security issue."
Facebook

Instagram Will Soon Allow Users To Filter Comments (bbc.co.uk) 15

Instagram has had enough of questionable, offensive comments. The company announced Friday that it will soon give users the ability to make the choice about what's acceptable and what's not, reports BBC. From an article: The first will let people hide certain words, phrases or emoji icons from their feed. The second will go further in allowing users to block comments entirely, on a post by post basis. Verified accounts will be able use these new tools first before they are rolled out to everyone, Newsbeat has learned. Accounts which get lots of comments will get access in the next couple of weeks.

Slashdot Top Deals