Submission + - The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed (wired.com)

An anonymous reader writes: The U.S. Department of Justice, Mandiant, and Microsoft stumbled upon the SolarWinds breach six months earlier than previously reported, WIRED has learned, but were unaware of the significance of what they had found. The breach, publicly announced in December 2020, involved Russian hackers compromising the software maker SolarWinds and inserting a backdoor into software served to about 18,000 of its customers. That tainted software went on to infect at least nine US federal agencies, among them the Department of Justice (DOJ), the Department of Defense, Department of Homeland Security, and the Treasury Department, as well as top tech and security firms including Microsoft, Mandiant, Intel, Cisco, and Palo Alto Networks. The hackers had been in these various networks for between four and nine months before the campaign was exposed by Mandiant.

WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and significance of the breach wasn’t immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought onto the investigation.

It’s not known what division of the DOJ experienced the breach, but representatives from the Justice Management Division and the US Trustee Program participated in discussions about the incident. The Trustee Program oversees the administration of bankruptcy cases and private trustees. The Management Division advises DOJ managers on budget and personnel management, ethics, procurement, and security. Investigators suspected the hackers had breached the DOJ server directly, possibly by exploiting a vulnerability in the Orion software. They reached out to SolarWinds to assist with the inquiry, but the company’s engineers were unable to find a vulnerability in their code. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped. A month later, the DOJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite, the sources say.

Submission + - NASA Power Tweak Extends Voyager 2 Mission

canux writes: In an effort to continue to power Voyager 2's five on-board scientific instruments, NASA engineers have devised a software update that disables the probe's electrical supply safety system.

"'Although the spacecraft’s voltage will not be tightly regulated as a result, even after more than 45 years in flight, the electrical systems on both probes remain relatively stable, minimizing the need for a safety net,' according to NASA JPL. 'The engineering team is also able to monitor the voltage and respond if it fluctuates too much. If the new approach works well for Voyager 2, the team may implement it on Voyager 1 as well.'"

The Voyager probes each contain a Multihundred-Watt Radioisotope Thermoelectric Generator for their power, which uses Plutonium-238 to generate heat to produce electricity with a thermocouple. Plutonium-238 has a half-life of a little over 87 years, which means that Voyager 2 has seen a greater than 25% reduction in its power output since it was launched.

Submission + - SPAM: Seattle Public Schools Sues Social Media Giants for Youth Mental Health Crisis

theodp writes: "A new lawsuit filed by Seattle Public Schools against TikTok, YouTube, Facebook, Snap, Instagram, and their parent companies," reports GeekWire's Todd Bishop, "alleges that the social media giants have 'successfully exploited the vulnerable brains of youth' for their own profit, using psychological tactics that have led to a mental health crisis in schools. The suit, filed Friday in U.S. District Court in Seattle, seeks 'the maximum statutory and civil penalties permitted by law,' making the case that the companies have violated Washington state’s public nuisance law."

"The district alleges that it has suffered widespread financial and operational harm from social media usage and addiction among students. The lawsuit cites factors including the resources required to provide counseling services to students in crisis, and to investigate and respond to threats made against schools and students over social media. 'This mental health crisis is no accident,' the suit says. 'It is the result of the Defendants’ deliberate choices and affirmative actions to design and market their social media platforms to attract youth.'"

"The lawsuit cites President Joe Biden’s statement in his 2022 State of the Union address that 'we must hold social media platforms accountable for the national experiment they’re conducting on our children for profit.' The suit says the school district 'brings this action to do just that.'"

Submission + - SPAM: Norton deletes executables, only because it hasn't seen them before 2

kmulier writes: In its default settings, Norton Antivirus (used to be Symantec, now acquired by Broadcom) deletes executables and DLLs only because it hasn't seen them before. This practice harms small software companies and startups in their efforts to distribute software, especially because Norton has the largest market share in Windows anti-malware.

When users download and unzip new software, Norton immediately scans the files and deletes everything it hasn't seen before. The deleted/quarantined files are marked as a "WS.Reputation.1" threat. From the Broadcom information page:

When using Symantec Endpoint Protection (SEP), the SEP client may log WS.Reputation.1 detections on legitimate executable files or installers from trusted vendors. Depending on policy settings, these files may be quarantined or deleted. The most common cause of this is a change to the file, such as a new version of an application. When the new application version is deployed to a SEP endpoint, the SEP client looks up the file in the Broadcom Insight database. If the file is too new or doesn't have enough usage to determine if the file is trustworthy, the SEP client returns a detection of WS.Reputation.1. However, this does not indicate that the file is a threat, only that it is not trusted based on the prevalence in the larger Broadcom community based on usage, age, and other factors.

Slashdot reader @kmulier started a petition to raise awareness: [spam URL stripped]...

Even an expensive Code Signing Certificate, costing several hundred dollars, doesn't protect software developers from this practice. It seems that large software corporations make internal deals with Norton to circumvent the issue. Smaller companies are left out.

Norton Antivirus does have whitelisting forms, but they only accept executables up to a certain size. Also, these forms are no solution for software that contains hundreds of DLLs — you can't fill in a form for each of them. Moreover, the developers would be forced to repeat this tedious task for every update.

Submission + - YouTube's Dislike Button Largely Fails to Stop Unwanted Recommendations (mozilla.org) 2

AmiMoJo writes: YouTube’s user controls — buttons like “Dislike” and “Not interested” — largely fail to help users avoid unwanted recommendations like misinformation and violent content, according to new research by Mozilla. An accompanying survey also found that YouTube’s controls routinely frustrate and confuse users.

Indeed, Mozilla’s research found that people who are experiencing unwanted recommendations and turn to the platform’s user controls for assistance prevent less than half of unwanted recommendations.

This is especially troubling because Mozilla’s past research shows that YouTube recommends videos that violate its very own community guidelines, like misinformation, violent content, hate speech, and spam. For example, one user in this most recent research asked YouTube to stop recommending war footage from Ukraine — but shortly after was recommended even more grisly content from the region.

The study, titled “Does This Button Work? Investigating YouTube's ineffective user controls” is the culmination of months of rigorous qualitative and quantitative research. The study was made possible by the data of more than 20,000 participants who used Mozilla's RegretsReporter browser extension, and by data about more than 500 million YouTube videos.

Submission + - Morgan Stanley Hard Drives With Client Data Turn Up on Auction Site (nytimes.com)

SpzToid writes: On several occasions, the commission said, Morgan Stanley hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the personal information of millions of its customers.

The moving company then sold thousands of the devices to a third party, and the devices were then resold on an unnamed internet auction site, the commission said.

An information technology consultant in Oklahoma who bought some of the hard drives on the internet chastised Morgan Stanley after he found that he could still access the firm’s data on those devices.

Morgan Stanley is “a major financial institution and should be following some very stringent guidelines on how to deal with retiring hardware,” the consultant wrote in an email to Morgan Stanley in October 2017, according to the S.E.C.

Morgan Stanley Smith Barney has agreed to pay a $35 million fine to settle claims that it failed to protect the personal information of about 15 million customers, the Securities and Exchange Commission said on Tuesday.

In a statement announcing the settlement, the S.E.C. described what it called Morgan Stanley’s “extensive failures,” over a five-year period beginning in 2015, to safeguard customer information, in part by not properly disposing of hard drives and servers that ended up for sale on an internet auction site.

Morgan Stanley agreed to pay the $35 million penalty to the general fund of the United States Treasury Department, without admitting or denying the commission’s findings, the S.E.C. said.

Morgan Stanley said in a statement that it was “pleased to be resolving this matter.”
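The failure described in the submission above is decommissioning drives with no sanitization and no verification that the data was gone; the consultant found it simply by reading the disks. The following is an added example of the verification step, not code from the SEC order or from Morgan Stanley's procedures: it plants a constructed customer-record marker in a disk image, confirms the marker is recoverable, overwrites the image with zeros, and then independently reads the whole image back to confirm both that the marker is gone and that no nonzero byte remains. An ordinary temporary file stands in for the block device; the marker, image size and chunk size are assumptions for the example.

```python
"""Overwrite a disk image with zeros and verify the wipe by full read-back.
Added example; the sample image and the planted record are constructed.
A temporary file stands in for a block device node."""
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB read/write unit (assumed)


def contains_marker(path, marker: bytes) -> bool:
    """Scan the file for marker, handling a match that straddles chunk reads."""
    carry = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if marker in carry + chunk:
                return True
            carry = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""
    return False


def overwrite_zero(path):
    """Single zero pass over every byte, flushed to the underlying storage."""
    remaining = os.path.getsize(path)
    zeros = b"\0" * CHUNK
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(zeros[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def first_nonzero_offset(path) -> int:
    """Independent verification: offset of the first nonzero byte, or -1 if clean."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b)
            offset += len(chunk)
    return -1


def make_sample_image(size=3 * CHUNK + 12345,
                      marker=b"ACCT:00012345;NAME:J DOE;SSN:123-45-6789"):
    """Constructed image: random bytes with one customer record planted so
    that it straddles the first chunk boundary, to exercise the scanner."""
    fd, path = tempfile.mkstemp(suffix=".img")
    data = bytearray(os.urandom(size))
    pos = CHUNK - 5
    data[pos:pos + len(marker)] = marker
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path, marker


def sanitize_and_verify(path, marker: bytes) -> dict:
    """Record whether the marker was recoverable before the wipe, wipe,
    then verify by both marker search and full nonzero scan."""
    before = contains_marker(path, marker)
    overwrite_zero(path)
    return {
        "recoverable_before": before,
        "recoverable_after": contains_marker(path, marker),
        "first_nonzero": first_nonzero_offset(path),
    }


if __name__ == "__main__":
    image, record = make_sample_image()
    print(sanitize_and_verify(image, record))
    os.remove(image)
```

The point of the second scan is that the verification is independent of the wipe: a wipe that exits early or writes to the wrong device still produces a clean-looking log, but it cannot produce a clean read-back. On SSDs and on drives with remapped sectors a host-side overwrite does not reach over-provisioned or reallocated blocks, so the drive's own sanitize or crypto-erase command is the primary control and this read-back is the check on it; the decommissioning record should carry the per-drive serial number, the command used and the verification result, which is exactly what was missing in the case above.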

Submission + - Court to investigate Tech Giants over 14 year old's suicide (bbc.co.uk) 1

Bruce66423 writes: 'Almost five years after she took her own life, the inquest into the death of teenager Molly Russell is due to begin. Molly, 14, killed herself in 2017 after viewing material about self-harm, suicide and depression, on social media sites such as Instagram and Pinterest.

'Meta, which owns Instagram, and Pinterest are officially taking part in the inquest, which is due to last two weeks. It will hear evidence from executives from both companies, after they were ordered by the coroner to appear in person.

'Andy Burrows, head of child safety online policy at the NSPCC, said: "Molly's death is a tragedy that is all too relatable to all parents who worry about the risks their children face online.

'"For the first time we will see big tech representatives questioned under oath about how their products may have contributed to the death of a child."'

How much can Big Tech be held responsible for what's on their sites? Where is the balance between free speech and child safety?

Submission + - Why Craigslist Still Looks the Same After 25+ Years (pcmag.com)

An anonymous reader writes: Craigslist emerged in 1995 to connect strangers through a free, web-based platform that has endured as rival services like Zillow, Facebook Marketplace, and countless dating apps emerged with advanced features and slick interfaces. These platforms survive on advertising and subscription revenue. Craigslist, of course, has none of that. Over the years, the OG online marketplace has all but refused to modernize; its mobile app only came out in 2019 after nearly 25 years in business. Why does the website still look the same after so many decades? That was the main question I had when I sat down for a video call with craigslist founder Craig Newmark, who joined me from the New York City apartment he shares with his wife, Eileen Whelpley.

Newmark stepped down as CEO of craigslist in 2000 after others told him he wasn’t cut out for management, he says. Jim Buckmaster has been at the helm since, though Newmark remains a partial owner. He now works on philanthropy full time, supporting groups like the Coalition Against Online Violence, which helps combat harassment against female journalists. Still, the 69-year-old entrepreneur is a billionaire (or near-billionaire since he’s given away millions). Our chat yielded much more than expected, from Costco hotdogs to Hello Kitty and his childhood Sunday School lessons. It’s clear that the website is the purest and most enduring expression of Craig Newmark, a humble tech mogul who marches to the beat of his own drum.

Comment Re:Disney's version of NC-17... (Score 1) 379

The roustabout song that depicts black people as feckless ("we work all day we work all night we never learned to read or write" - "we don't when we get our pay but when we do we throw it all away") and as apes ("grab that rope you hairy ape") - all drawn as black.

The crows and absolute black stereotypes

Comment Re:All climate stuff leads with a lie (Score 1) 137

Ah, I see your error.

Pro tip: journalists aren't climate scientists.

Given that climate scientists know perfectly well that the climate was much warmer on paleological timescales, I believe the usual phrase is "I call bullshit".

The most any would say is "warmest since pre-industrial times" (and if you can't work out that this refers to human history, I can't help you).
