Government

America's NIST Seeks Public Comments on Cybersecurity and Cryptography (thehill.com) 55

An anonymous Slashdot reader writes: The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity."

Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
Desktops (Apple)

Typosquatters Running .om Domain Scam To Push Mac Malware (threatpost.com) 64

msm1267 writes from an article on Threatpost: Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web. According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns. Mac OS X users are being singled out in this typosquatting campaign with malware. According to Endgame, when a Mac user stumbles on one of the typosquatters' webpages, a fake Adobe Flash update pops up and attempts to trick users into installing the advertising component called Genieo. Endgame suspects that typosquatters are exploiting a hole in Oman's domain name registration process. When Endgame tried to register a domain it was asked to verify that it had the authority to register a specific commercial domain. "It's unclear how typosquatters were able to register so many domains in such a short period of time," Endgame said.
Upgrades

Cyanogen Tackles How Developers Interact With Mobile Devices (sdtimes.com) 39

An anonymous reader writes: Cyanogen has announced a new integrated mobile platform designed to change the way users, developers, OEMs and MNOs build and interact with mobile devices. Their new platform MOD provides developers with APIs they can use to implement intelligent, contextually aware and lightweight experiences natively into the mobile operating system. It also allows users to extend the functionality of their devices.
Security

Cyber Ring Stole Secrets For Gaming US Stock Market 37

chicksdaddy writes: Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.
Windows

Complete Microsoft EMET Bypass Developed 116

msm1267 writes "Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Principal security researcher Jared DeMott is delivering a presentation at the Security BSides conference explaining how the company's researchers were able to bypass all of the memory protections offered within the free Windows toolkit. The work is significant given that Microsoft has been quick to urge customers to install and run EMET as a temporary mitigation against zero-day exploits targeting memory vulnerabilities in Windows or Internet Explorer. The exploit bypasses all of EMET's mitigations, unlike previous bypasses that were able to beat only certain aspects of the tool. Researchers took a real-world IE exploit and tweaked it until they had a complete bypass of EMET's ROP, heap spray, SEHOP, ASLR, and DEP mitigations."
Hardware

Are We Socially Ready For Wearable Computing? 214

An anonymous reader writes "Smart watches have arrived, and Google Glass is on its way. As early-adopters start to gain some experience with these devices, they're learning some interesting lessons about how wearable computing affects our behavior differently from even smartphones and tablets. Vint Cerf says, 'Our social conventions have not kept up with the technology.' Right now, it's considered impolite to talk on your cellphone while checking out at the grocery store, or to ignore a face-to-face conversation in favor of texting somebody. But 20 years ago, those actions weren't even on our social radar. Wearable devices create some obvious social problems, like the aversion to Glass's ever-present camera. But there are subtler ones, as well, for which we'll need to develop another set of social norms. A Pebble smart watch user gave an example: 'People thought I was being rude and checking the time constantly when I was really monitoring incoming messages. It sent the wrong signal.' The article continues, 'Therein lies the wearables conundrum. You can put a phone away and choose not to use it. You can turn to it with permission if you're so inclined. Wearables provide no opportunity for pause, as their interruptions tend to be fairly continuous, and the interaction is more physical (an averted glance or a vibration directly on your arm). It's nearly impossible to train yourself to avoid the reflex-like response of interacting. By comparison, a cell phone is away (in your pocket, on a table) and has to be reached for.'"
Handhelds

Ask Slashdot: Is There a Good Device Holster? 296

gurps_npc writes "I have seen several technology holsters. There are a lot of good ones for cell phones, but I am looking for something larger — for a tablet (Nook/Kindle/Nexus/iPad). There is, however, a direct trade-off between being discreet and having decent carrying capacity. Has anyone found an ideal balance? I would love to hear from people with direct experience. Do you look like the worst kind of geek hipster while wearing it? Any feature I should look for? I found one from a company called techslinger, but it looks a bit too geeky for me (double-sided makes it really stand out)."
United States

Snowden Claims That NSA Collaborated With Israel To Write Stuxnet Virus 491

andrewa writes "In an interview with Der Spiegel Snowden claims that the NSA, amongst other things, collaborated with Israel to write the Stuxnet virus. Not that this is news, as it has been suspected that it was a collaborative effort for some time. When asked about active major programs and how international partners help, Snowden says: 'The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days’ worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and if it makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.'"
Movies

Happy Culture Freedom Day! 45

Blug_fred writes "For the second edition, today is the time to celebrate Culture Freedom Day. While not as popular as HFD or SFD, celebrating Free Culture involves finding Free Culture artists, inviting them to your place and having them perform, display or talk about their creation(s). Of course you can always simply project a couple of Free Culture movies and launch a discussion about their business models. Either way you can find all the happenings for today here on the map and we sincerely hope there will be something of interest near you."
AMD

AMD Radeon HD 7990 Released: Dual GPUs and 6G of Memory for $1000 189

An anonymous reader writes "Today AMD has officially unveiled its long-awaited dual-GPU Tahiti-based card. Codenamed Malta, the $1,000 Radeon HD 7990 is positioned directly against Nvidia's dual-GPU GeForce GTX 690. Tom's Hardware posted the performance data. Because Fraps measures data at a stage in the pipeline before what is actually seen on-screen, they employed Nvidia's FCAT (Frame Capture Analysis Tools). ... The 690 is beating AMD's new flagship in six out of eight titles. ... AMD is bundling eight titles with every 7990, including: BioShock Infinite, Tomb Raider, Crysis 3, Far Cry 3, Far Cry 3: Blood Dragon, Hitman: Absolution, Sleeping Dogs, and Deus Ex: Human Revolution." OpenGL performance doesn't seem too off from the competing Nvidia card, but the 7990 dominates when using OpenCL. Power management looks decent: ~375W at full load, but a nice 20W at idle (it can turn the second chip off entirely when unneeded). PC Perspective claims there are issues with Crossfire and an un-synchronized rendering pipeline that leads to a slight decrease in the actual frame rate, but that should be fixed by an updated Catalyst this summer.

Comment Re:Can't wait for the "NOOOO! Censorship!" crowd.. (Score 1) 898

I've outlined why I disagree with this multiple times. Not only was no physical damage done, but they need not be offended by anything this guy does. That is completely up to them.

I think you are looking at this the wrong way. Intent matters, it doesn't even matter if they took offense.

If I take a physical swing at someone's chin and manage to miss, it is still assault. If I attempt to shoot someone and miss, it is assault.

I don't see this as being much different. The guy takes an action with the intent to cause emotional harm.

I think most people can agree that attempt to cause harm is something that you can reasonably legislate against.

Comment Re:A Christian's take (Score 1) 1252

I can live with doubt, and uncertainty, and not knowing. I think it's much more interesting to live not knowing than to have answers which might be wrong. I have approximate answers, and possible beliefs, and different degrees of certainty about different things, but I'm not absolutely sure of anything, and in many things I don't know anything about, such as whether it means anything to ask why we're here, and what the question might mean. I might think about a little, but if I can't figure it out, then I go to something else. But I don't have to know an answer. I don't feel frightened by not knowing things, by being lost in a mysterious universe without having any purpose, which is the way it really is, as far as I can tell, possibly. It doesn't frighten me.
-- Richard Feynman (The Pleasure of Finding Things Out)

And, because you can't beat his delivery and the sparkle in his eyes: http://www.youtube.com/watch?v=_MmpUWEW6Is
