
Submission + - Russia's Rise To Cyberwar Superpower

blottsie writes: In a flurry of action over the last decade, Russia has established itself as one of the world’s great and most active cyber powers.

The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee. The culprit is alleged by many, including Democratic Party officials, to be Russia. The evidence—plainly not definitive but clearly substantial—has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have “high confidence” that Russia is behind the attack.

“They are some of the best in the world,” Chris Finan, a former director of cybersecurity legislation in the Obama administration, an ex-director at DARPA for cyberwar research, and now the CEO of the security firm Manifold Technology, says. “We’re not talking North Korea or even China, who are really sloppy. The Russians are really good at covering their tracks.”

Submission + - Leaky Database Leaves Oklahoma Police, Bank Vulnerable To Intruders

blottsie writes: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.

The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans.

The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.

Submission + - The Trials And Tribulations Of 'Kidnapped' Startup Founder Mayer Mizrachi (dailydot.com)

blottsie writes: Mayer Mizrachi and his attorney sat in the backseat as guards drove through the barbed-wire gates of La Picota prison and deposited the pair onto a sidewalk in Bogotá, Colombia. Mizrachi held fast onto a piece of paper in his right hand that declared his freedom. Before slipping into a taxi, he took one last look at the prison behind him, his home for nearly six months.

The nightmare, it seemed, was finally coming to an end. Today, Mizrachi's future is anything but certain.

In the United States, we’re used to hearing tales of technology startup failures and successes. None compare to that of Mizrachi, a 28-year-old tech entrepreneur and startup CEO, who has endured what his attorney characterizes as “kidnapping,” months of imprisonment, political grudges targeting his family, multinational maneuvering, and a life-long illness that could kill him at any moment.

In this months-long investigation, the Daily Dot dives into the forces that landed Mizrachi in prison, and how he escaped to freedom—for now.

Submission + - FBI May Be Hiding Facial Recognition Databases From GAO

blottsie writes: A Government Accountability Office (GAO) report released this week revealed that the FBI is using images culled from driver’s licenses, as well as passport and visa applications, in its criminal facial recognition database, something civil liberties advocates find highly problematic.

Perhaps more worrisome, however, is that the GAO report only reveals what the FBI told GAO investigators—meaning the bureau may have far more facial recognition databases that it's hiding.

So how many libraries does the FBI have? “Oh, who knows,” FBI CJIS privacy attorney Roxane Panarella said, followed by some laughter. “There might be hundreds, or thousands, but there will only be some that are valuable to the FBI and some that are going to be legally allowed to be searched by us.”

Submission + - Online Voting Is A Cybersecurity Nightmare

erier2003 writes: Internet voting isn’t online banking or video calling or tweeting. Voting is a special activity, and trying to do it online poses special problems, most of which security researchers don’t yet know how to solve. Through conversations with cybersecurity experts, political scientists, a former Department of Homeland Security official, and a representative from an online voting vendor, the Daily Dot's Eric Geller explores why we're a long way off from casting ballots online.

Submission + - New Whistleblower Points To Lawful Disclosure Method Edward Snowden Didn't Try

blottsie writes: John Crane, a former head of whistleblower protections, has become a whistleblower himself, laying bare how official channels designed for government workers to safely expose wrongdoing are ensnaring them instead. Though some are calling the revelations “vindication for Edward Snowden,” Crane refuses to condone Snowden’s decision, telling the Daily Dot that the former National Security Agency contractor left a key, legal avenue unexplored.

Submission + - Documenting the Chilling Effects of NSA Surveillance

AmiMoJo writes: This interesting research documents this phenomenon in Wikipedia: "Chilling Effects: Online Surveillance and Wikipedia Use," by Jon Penney, Berkeley Technology Law Journal, 2016. Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information.

Submission + - Makerbot dead?

goose-incarnated writes: Makerbot announces new layoffs and an end to self-manufactured products. Pundits rush to pen the obituary. Is this the beginning of the end for 3D printing, or are we simply seeing the "second mouse gets the cheese" meme in action?

Note: Netcraft has not yet weighed in on this announcement.

Submission + - GAO Says Hack Proof Cars Are Years Away (securityledger.com)

chicksdaddy writes: Security improvements for connected cars may be years away, as both the government and industry struggle to catch up on the cyber security issue, according to a report from the Government Accountability Office (GAO), the Security Ledger is reporting. (https://securityledger.com/2016/04/gao-help-securing-connected-cars-is-years-away/)

In a report published in March (http://www.gao.gov/assets/680/676064.pdf) GAO paints a worrying picture as regards vehicle cyber security, telling Congress that modern vehicles feature many communications interfaces that are vulnerable to attack, and noting that remote, software based attacks that affect critical vehicle functions have already been demonstrated by researchers. Unfortunately, measures to address those threats are likely years away, as automakers work to design more secure in-vehicle systems and regulators, like the National Highway Traffic Safety Administration (NHTSA), struggle to determine their role and the scope of possible regulations.

In either case, help is likely years away, the GAO concluded, citing information gleaned from automotive industry “stakeholders.”

Despite independent research dating back more than five years showing that remote, software based attacks on vehicles were technically possible, GAO notes that both the government and industry have been slow to respond.

“Despite awareness of risks related to vehicle cybersecurity since at least 2011, the auto industry and NHTSA have only recently sharpened their focus on this issue,” GAO said.

NHTSA, the government’s lead body on vehicle safety, has taken “several important steps” on vehicle cybersecurity since 2012. GAO noted that the agency has established a vehicle-cybersecurity research program and is “soliciting industry input on the need for government and voluntary industry standards.” (https://securityledger.com/2016/04/nhtsa-drafting-cyber-security-guidelines-for-light-vehicles/) However, “NHTSA does not anticipate making a final determination on the need for government standards until 2018 when additional cybersecurity research is expected to be completed,” GAO noted.

So too on industry efforts to address vehicle cybersecurity. The development of an Automotive ISAC and a voluntary design and engineering process standard for cybersecurity are still in their early stages, GAO notes.

“As such, some of these government and industry efforts to address vehicle cybersecurity are unlikely to provide many benefits for vehicles already operating on the roads today or those currently in the design and production stages,” the report notes.

Submission + - Former Tor developer created malware to hack Tor users for the FBI (dailydot.com)

Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

Submission + - 'Crypto Wars' Timeline: A Complete History Of The New Encryption Debate

blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months.

Submission + - Things Sysadmins and Developers Would Change About One Another

Esther Schindler writes: Even in the best of organizations, the development and operations departments have friction. Each has its own goals, metrics for success, and team culture. Plus, ops is in the business of making things predictable and unchanging, while developers are in the business of changing everything. Those opposing priorities make it harder for dev and ops to communicate freely. Despite the industry’s ongoing efforts to bring the communities together, developers continue to grumble about ops, who simultaneously grumble about devs.

Grumbling doesn’t help to resolve the tension (or desire to throttle someone). Understanding does. So both developers and sysadmins were asked to imagine that they were granted a single wish: You have the power to give your company’s [ops team | development team] an understanding of one thing — just one thing — that currently irks you. What spell would you cast with that magic wand?

The results are in two articles: 3 Way Ops Can Help Devs: A Developer Perspective and 3 Ways Devs Can Help Ops: An Operations Perspective. Maybe it's not surprising that the shared component is: Listen to each other more. Share what you're up to, and what the goal is. (Kumbaya optional.)

But maybe some of the specifics can help you grok where the other folks are coming from. For instance:

As a developer named John writes, “Software development sometimes needs to be allowed to bend the rules/regulations in order to operate efficiently/quickly. Too many times, the rules (e.g., who has access, when, what can be installed, etc.) cause ridiculous delays in cycle time for development or support.”

and

A classic example is when developers assume always-on connectivity. “The network is not a static monolith that never changes,” one ops staffer noted. “We’re planning a data center network upgrade. It will require disconnecting every server and reconnecting them to the new switches.” That could cause some apps to think the entire world has ended and crash in an untidy heap.

Would you have included different magic spells?

Submission + - Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary (softpedia.com)

An anonymous reader writes: A routine security audit discovered malware on the computer systems of the Gundremmingen nuclear power plant in Germany. RWE, the plant's operator, shut down the power plant as a precaution, despite saying it was nothing serious. The malware affected computers used for the fuel loading and unloading process, but did not affect any of the sensitive ICS/SCADA equipment.

The incident was discovered Sunday, but two days later, the power plant is still offline. Today also marks 30 years since the Chernobyl nuclear power plant disaster.

Submission + - Great Computers Never Die (ieee.org)

schwit1 writes: The Vintage Computer Festival East (VCF East) took place from 15-17 April at the InfoAge Science Center in Wall, New Jersey. Computers on display included: a fully restored and working Apple 1; an Altair 8800; and a host of 8- and 16-bit machines, including a collection of (mostly unlicensed) Apple II clones from around the world, and an array of Commodore 64s upgraded to do things like control the lights in your home. Speakers at the festival included the legendary Ted Nelson, the man who coined the words hypertext, hypermedia, and other additions to our modern digital lexicon. We sent IEEE Spectrum’s Senior Editor Stephen Cass out to New Jersey to give us a dose of nostalgia and some inspiration from the dawn of the Digital Age.
