Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission + - Oracle, chat & raw code found in Mossack Fonseca offshore web portal (www.unicornriot.ninja)

HongPong writes: The PanamaPapers law firm Mossack Fonseca exposed most of their customer service portal's backend, unpatched Drupal code through misconfiguring an Oracle server, also revealing a "portfolio" content type & possible local chat server. These vulnerabilities provide clues as to how the PanamaPapers might have been extracted remotely. This extends stories in Forbes & Wired UK about their security problems.

Submission + - FBI Director James Comey Warns Against Unbreakable Encryption, Absolute Privacy

blottsie writes: In an interview with the Daily Dot on Wednesday, Comey suggested Apple should weaken its encryption on its products to the level of iCloud, which the company can decrypt. “Today, Apple encrypts the iCloud but decrypts it in response to court orders,” he said. “So are they materially insecure because of that?”

Comey also warned against "absolute privacy," saying, "I love strong encryption. It protects us in so many ways from bad people. But it takes us to a place—absolute privacy—that we have not been to before.”

Comment Fixed that for you (Score 2) 104

Hello,

I would suggest the following amendment to your draft text:

Be it resolved that computers running or intending to run Microsoft Windows purchased by the department which boot using the Unified Extensible Firmware Interface (UEFI) have the ability to disable the Secure Boot feature." REMOVING: s for both local hard drive and network booting.

If you want to put in verbiage saying Secure Boot should be disabled, the language should reflect this in its entirety, not just for what types of devices the computer boots from. Example: A manufacturer who disabled booting from SSDs, USB flash drives or optical media would still be in spec with your requirements, since you only specified hard disk drives and PXE booting in your text.

Also, keep in mind your requirement is not going to work with Windows 10 Mobile devices (phones, phablets and the like) as UEFI with Secure Boot enabled is part of the requirements for devices running that edition of Windows 10.

Regards,

Aryeh Goretsky

Comment Nothing new here... (Score 3, Insightful) 186

Hello,

Mr. McAfee has a rich and varied history of stating as fact things which cannot be proven as true or as false, simply because they cannot be verified. It is most certainly not paranoid rantings, nor is it based on any actual information about the current situation. Instead, it is carefully-crafted statements made for one reason and one reason only: To maximize his coverage in the media.

Recent examples of similar behavior include:

  • Notifying the world that he had determined the Ashley Madison hacker to be a former female employee, based entirely on his interpretation of the language used in the disclosures. In fact, investigative journalist Brian Krebs had contemporaneously identified the probably hacker as European man who had lived in North America for a period.
  • Offering to decrypt the iPhone used at work by Syed Rizwan Farook, primarily through the use of social engineering to obtain the passphrase or PIN unlock code. Social engineering the dead man's close friends and relatives in order to gain relevant information would likely need to be done in Arabic, Urdu or perhaps even Pashto. And, in any case, was subsequently rendered moot when it was revealed the phone's passphrase had been reset by law enforcement.
  • Claiming that America was vulnerable to EMP attacks, despite the fact that EMP weaponry had been investigated for years by Winn Schwartau who eventually determined widespread use wasn't feasible.

Sometimes making comments to the media works to McAfee's advantage, sometimes they don't. But as long as he keeps coming up with new ones, he keeps getting media coverage. This story is just one more example of such continuing behavior.

Regards,

Aryeh Goretsky

Comment Re:No backdoors here Mr. McAfee... apk (Score 1) 186

Hello,

Actually, hosts files are a reactive technology and not a proactive one, since they only block what is already listed in them. That does not mean they are useless, of course, but that they are just a supplemental tool, much like anti-malware software, segmenting administrative and user privilege, auditing logs, etc. There's no one magic bullet for security.

Regards,

Aryeh Goretsky

Submission + - Porn Clicker Android Malware Hits Google Play Hard

An anonymous reader writes: In a little over seven months, cybercriminals using click-jacking mobile malware to earn affiliate income have managed to push over 340 instances of the malware into Google Play. The “Porn Clicker,” as ESET researchers have dubbed the threat, does not steal user information or download additional malware – it simply clicks on ads generated by the attackers’ servers and shown on pornographic websites. The user is none the wiser, as the malicious app does so covertly.

Comment Billions and billions served... (Score 1) 64

Hello,

Not sure if it is still the case (it's been years since I've installed Java) but didn't the runtime installer display a message saying something like three billion devices run Java? I wonder if the reason for not uninstalling old version was to help inflate that count.

Regards,

Aryeh Goretsky

Comment List of laptop surge supressors (Score 1) 138

Hello,

Inline 100-240V laptop surge suppressors are readily available from online electronics retailers. Here are a few that will work for you:

I've used the APC model without any issues, as well as models from Targus and TRC that has since been discontinued, but occasionally show up online for sale.

Regards,

Aryeh Goretsky

Comment Use of ASLR and DEP in AV software still lacking.. (Score 1) 132

Hello,

Last month, anti-malware testing company AV-Test issued a report titled "Self-Protection for Antivirus Software" in which they looked at the use of ASLR and DEP in 32 different anti-malware programs. Of all these programs, only one had 100% of its files compiled with those protections.

Of course, anti-malware programs usually have their own anti-tamper mechanisms to ensure code and data integrity, but it seems like there's still some ways to go, and even it is still a good idea to make use of additional security functionality available through the compiler and operating system.

Regards,

Aryeh Goretsky

Comment issue with ESET software has been resolved (Score 3, Informative) 360

Hello,

The problem with the Windows 10 Build 10586 (aka v1511, TH2) installer detecting versions of ESET's software that are compatible with Windows 10 as not being compatible has been fixed by Microsoft. Simply allow the installer to connect to the Internet for the latest updates and it will download an update that allows is to recognize all compatible versions of ESET's software.

Customers who were on the latest builds of ESET's software (v9.0.318 for consumer, v6.2.2033 for enterprise) were never affected by this, but customers who had older--but still Windows 10 compatible--builds did have there versions flagged when Build 10586 of Windows 10 was installed.

For more information, see the following E SET knowledgebase article: http://support.eset.com/kb3733...

Regards,

Aryeh Goretsky

Slashdot Top Deals

"Gotcha, you snot-necked weenies!" -- Post Bros. Comics

Working...