Submission + - Website Taking Donations For the Assassination of Donald Trump and Mike Pence (csoonline.com)

itwbennett writes: Saying it 'requires a lot of money to pay for equipment, bribes' and the assets (human, we presume) it has positioned in the government, a website on the darknet is collecting donations for the assassination of President-elect Donald Trump and Vice President-elect Mike Pence. The Bitcoin wallet advertised on the website has collected more than $88,000 since March 2016. The U.S. Secret Service is aware of the website and has declined to comment.

Submission + - New Mirai Botnet Strain Has Gone Far Beyond Deutsche Telekom (csoonline.com)

itwbennett writes: On Monday, Deutsche Telekom reported that close to a million customers experienced internet connection problems from the new Mirai strain infecting their routers. Now security firm Flashpoint is saying the problem is more widespread and could affect up to 5 million internet routers and modems across the globe, including in the U.K., Brazil, Iran and Thailand. It’s still unclear how many devices have been infected, but Flashpoint estimates that as many as five million devices are vulnerable. 'If even a fraction of these vulnerable devices were compromised, they would add considerable power to an existing botnet,' Flashpoint said in a Tuesday blog post.

Submission + - US Lawmakers Balk At Call for IoT Security Regulations (csoonline.com)

itwbennett writes: Calling regulations a 'knee-jerk reaction' and potential 'innovation killer,' Representative Greg Walden, an Oregon Republican, showed the resistance Bruce Schneier faced when he testified before Congress about internet of things security today. And, completely missing the point about what is at risk, Walden added, 'I don't think I want my refrigerator talking to some food police.'

Submission + - Facebook Wants To Sway Your Purchases, Not Your Politics (cio.com)

itwbennett writes: In a blog post published four days after the election, Facebook founder and CEO Mark Zuckerberg defended the social network as a neutral party that doesn't bear the same responsibilities as a media outlet and said that Facebook should be 'extremely cautious about becoming arbiters of truth ourselves.' But the company is walking a fine line, says CIO.com's Matt Kapko:

Politics aside, the contradictions Zuckerberg made about the social network's influence and its potential impact on users could become a glaring problem. If the content, including any misinformation, that Facebook distributes to more than 1.79 billion people every month can't influence the outcome of an election, just how effective are the $6.8 billion in ads it sold during the third quarter of 2016?

Submission + - Hacker Shows How Easy It Is To Take Over A City's Public Wi-Fi Network

itwbennett writes: Over the course of a few weeks, Amihai Neiderman, the head of research at Israeli cybersecurity firm Equus Technologies, made a project of finding a way to compromise a wireless hotspot that he noticed on his way home from work one day. Neiderman presented his findings and reverse-engineering efforts Thursday at the DefCamp security conference in Bucharest, Romania. You can read about it here. The bottom line: a buffer overflow in a single router model could have endangered thousands of Wi-Fi users.

Submission + - Mobile Subscriber Identity Numbers Can Be Exposed Over Wi-Fi (csoonline.com)

itwbennett writes: Using fake cell towers to track and identify mobile phone users has been rendered passe by researchers Piers O'Hanlon and Ravishankar Borgaonkar from the University of Oxford's Department of Computer Science. The pair found that, for the purpose of tracking only, Wi-Fi networks can also be used to trick mobile devices into exposing their IMSI numbers. That's thanks to protocol and configuration weaknesses in mobile data offloading technologies such as automatic Wi-Fi connections and Wi-Fi calling that mobile operators are increasingly adopting to reduce costs and congestion on their cellular networks.

Submission + - Google To Untrust WoSign and StartCom Certificates (csoonline.com)

itwbennett writes: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21.

Submission + - Google Discloses Windows 0-Day, Microsoft Argues Disclosure Ethics (csoonline.com)

itwbennett writes: On Monday, 10 days after discovering a zero-day flaw in Windows that, if exploited, would enable an attacker to use it as a security sandbox escape, Google disclosed basic details about the flaw. Instead of offering information on a fix, Microsoft took the opportunity to say that Google’s actions have potentially placed customers at risk, to promote Windows 10 and to argue for coordinated disclosure. For its part, Google takes the view that seven days is plenty of time to issue guidance and notification, if not a proper patch. And so the battle over disclosure goes on. Whose side do you take?

Submission + - Lost thumb drives bedevil US banking agency (csoonline.com)

itwbennett writes: In November 2015, two weeks before he retired, an employee at the Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, downloaded a large amount of data to two thumb drives, which he is now unable to locate. The agency reported the case to Congress on Friday, saying the loss represented 'a major information security incident' and described the data as 'controlled unclassified information, including privacy information.' The FDIC has had similar problems with bank records walking out the door on removable media. In those cases, the agency considered the data breaches to be 'inadvertent' copying of personal banking information that happened when departing employees were copying personal information to removable media, according to Lawrence Gross Jr., the FDIC's CIO.

Submission + - Easy-To-Exploit Rooting Flaw Puts Linux Computers At Risk (csoonline.com)

itwbennett writes: The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability, tracked as CVE-2016-5195, that has existed in the Linux kernel for the past nine years and is already being exploited in the wild. The Red Hat security team describes the flaw as a 'race' condition, 'in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.' This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system. The vulnerability was fixed last week by the Linux kernel developers and patches for Linux distributions, including Red Hat, Debian, Ubuntu, Gentoo and Suse, have been released or are in the process of being released.

Submission + - Half Of US Adults Are Profiled In Police Facial Recognition Databases (perpetuallineup.org)

itwbennett writes: Photographs of nearly half of all U.S. adults — 117 million people — are collected in police facial recognition databases across the country with little regulation over how the networks are searched and used, according to a new study from the Center on Privacy & Technology at Georgetown Law. About 20 states, including Texas, Florida, Illinois, Ohio, and Pennsylvania, allow police to search driver's license photo databases. Police in a handful of other states and cities, including San Francisco, Los Angeles, San Diego, and Chicago, can search criminal mug shots, the report said. Police agencies don't need a search warrant to search facial recognition databases, the report said. 'We are not aware of any agency that requires warrants for searches or limits them to serious crimes,' the authors wrote. 'This has consequences.'

Submission + - Payment Card Data Skimmed from National Republican Senatorial Committee Website (csoonline.com)

itwbennett writes: If you gave money to the National Republican Senatorial Committee (NRSC) between March 16 and October 5 this year, you might want to check your credit card statement because the platform used to conduct the transaction was compromised by malicious JavaScript code designed to steal credit card details and personal information. It’s hard to tell how many transactions on the NRSC website were compromised, but the researcher who discovered the skimming attacks said that upwards of 3,500 compromised transactions per month were possible. For its part, the NRSC quietly corrected the problem sometime around October 6, 2016, replacing the compromised storefront with a new one powered by WordPress.
