
Submission + - Tunnelled IPv6 attacks bypass network intrusion detection systems

Bismillah writes: Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks — without being spotted by network intrusion detection systems.

Submission + - TLS-busting security products considered harmful

Bismillah writes: Researchers tested a bunch of network middle boxes and antiviruses that break TLS to intercept and analyse traffic, and found most seriously degraded the security of connections, rather than the opposite. Bad TLS implementations in the intercepting products meant they introduced weak ciphers, POODLE, LOGJAM and CRIME vulnerabilities. Configuration of middle boxes sounds like a nightmare, adding to the woes. Some vendors' response?
"It's the customer's responsibility to configure the middle boxes correctly."

Submission + - Shopping mall SMS parking notifications could be used to track any car.

Bismillah writes: Westfield's Scentre Group has removed SMS notifications for its ticketless parking system after it was discovered they could be used to track other people's cars unnoticed. The system allows you to enter any licence plate, which in turn will be scanned upon entry and exit at mall parking facilities — and when the free parking time is up, a notification message is sent to the mobile phone number entered, with the exact location of the car.

Submission + - Leaked NSA doc reveals 'sheer luck' needed to find useful info in sea of data

schwit1 writes: The NSA didn’t know it was already sitting on a “goldmine” of data on one of its targets until one of its analysts discovered it by “sheer luck,” according to an internal newsletter entry leaked by Edward Snowden.

The article, dated March 23, 2011, was written by a signals development analyst in SIDtoday, an NSA in-house newsletter. He explains how he discovered the contact and personal information for over 10,000 people, as well as some 900 account login details, after “a ton of hard work,” according to reports from The Intercept and teleSUR.

“By sheer luck, (and a ton of hard work) I discovered an important new access to an existing target and am working with TAO to leverage a new mission capability,” the analyst wrote to colleagues. TAO refers to Tailored Access Operations, an NSA hacking team which had collected the 900 usernames and passcodes.

The “existing target” was Petróleos de Venezuela, a Venezuelan state oil company also referred to as PDVSA.

Submission + - Would you pay US$100 per IPv4 address?

Bismillah writes: Companies and organisations with IPv4 address allocations may feel a little more flush than usual, as trading in number blocks has kicked off in earnest this year, potentially making them a bookable asset. Brokers hoping to cash in on the IPv4 transfer market think the price will hit US$30 per address, and could even go as high as US$100. Now where's that IPv6 internet again?

Submission + - UK intrusion software export controls threaten research, pen-testing

Bismillah writes: Britain has released its version of the regulations under which intrusion software and malware samples may require export licenses.

The export regulations are part of what the UK agreed to under the Wassenaar Arrangement for arms control.

Interestingly enough, popping up calc.exe for PoC demos gets a specific exemption, but the rest is pretty opaque.
