The Almighty Buck

Microsoft Slaps $250K Bounty On Conficker Worm 258

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNS providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."
Networking

SoHo NAS With Good Network Throughput? 517

An anonymous reader writes "I work at a small business where we need to move around large datasets regularly (move onto test machine, test, move onto NAS for storage, move back to test machine, lather-rinse-repeat). The network is mostly OS X and Linux with one Windows machine (for compatibility testing). The size of our datasets is typically in the multiple GB, so network speed is as important as storage size. I'm looking for a preferably off-the-shelf solution that can handle a significant portion of a GigE; maxing out at 6MB is useless. I've been looking at SoHo NAS's that support RAID such as Drobo, NetGear (formerly Infrant), and BuffaloTech (who unfortunately doesn't even list whether they support OS X). They all claim they come with a GigE interface, but what sort of network throughput can they really sustain? Most of the numbers I can find on the websites only talk about drive throughput, not network, so I'm hoping some of you with real-world experience can shed some light here."
Censorship

Court Nixes National Security Letter Gag Provision 128

2phar sends news that on Monday a federal appeals court ruled unconstitutional the gag provision of the Patriot Act's National Security Letters. Until the ruling, recipients of NSLs were legally forbidden from speaking out. "The appeals court invalidated parts of the statute that wrongly placed the burden on NSL recipients to initiate judicial review of gag orders, holding that the government has the burden to go to court and justify silencing NSL recipients. The appeals court also invalidated parts of the statute that narrowly limited judicial review of the gag orders — provisions that required the courts to treat the government's claims about the need for secrecy as conclusive and required the courts to defer entirely to the executive branch." Update: 12/16 22:26 GMT by KD : Julian Sanchez, Washington Editor for Ars Technica, sent this cautionary note: "Both the item on yesterday's National Security Letter ruling and the RawStory article to which it links are somewhat misleading. It remains the case that ISPs served with an NSL are forbidden from speaking out; the difference is that under the ruling it will be somewhat easier for the ISPs to challenge that gag order, and the government will have to do a little bit more to persuade a court to maintain the gag when it is challenged. But despite what the ACLU's press releases imply, this is really not a 'victory' for them, or at least only a very minor one. Relative to the decision the government was appealing, it would make at least as much sense to call it a victory for the government. The lower court had struck down the NSL provisions of the PATRIOT Act entirely. This ruling left both the NSL statute and the gag order in place, but made oversight slightly stricter. If you look back at the hearings from this summer, you'll see that most of the new ruling involves the court making all the minor adjustments that the government had urged them to make, and which the ACLU had urged them to reject as inadequate."
Security

Remote Code Execution Hole Found In Snort 95

Palljon1123 writes "A stack-based buffer overflow in the Snort intrusion detection system could leave government and enterprise installations vulnerable to remote unauthenticated code execution attacks. The flaw, found by researchers at IBM's ISS X-Force, affects the Snort DCE/RPC preprocessor and could be used to execute code with the same privileges (usually root or SYSTEM) as the Snort binary. No user action is required." Sourcefire has an update to fix the vulnerability in versions 2.6.1, 2.6.1.1, and 2.6.1.2; Heise Security spells out the workaround for the 2.7.0 beta version.
