
Submission + - Ask Slashdot: How to determine if your IoT device is part of a botnet? 1

galgon writes: There have been a number of stories of IoT devices becoming part of botnets and being used in DDoS attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?

Submission + - Norwegian Oil Fund Asked to Consider if Facebook is Unethical 2

polemistes writes: During the last few weeks there has been an uproar (this is in English) in Norwegian media about Facebook censorship. It started with writer Tom Egeland posting the iconic 1972 photo of Kim Phuc, running from a napalm bomb. Facebook decided that the nudity in the photo could be offensive, so they deleted it. When Egeland posted to criticise the censorship, the whole post was deleted. A major internet news site wrote about it, and the editor shared his article on Facebook, and was blocked for 24 hours. Now the Norwegian Press Association has asked the ethics committee of the Norwegian Oil Fund, who has invested about $1.6 billion in Facebook, to consider whether Facebook is acting unethically. If they are found to do so, the fund will have to withdraw their investments, because of its strict ethical code. As a side note: The Google-translated article also censors the photo.

Comment Re:Defendable (Score 5, Interesting) 116

Hmm, just did some testing on my own server, and even with HSTS and HPKP I was able to MITM a secure connection using Fiddler as long as the forged certificate's root CA was in my browser's trusted key store. I am a bit alarmed Firefox v48.0.2 didn't seem to complain that the certificate passed wasn't the same as the certificates my site has pinned. I wonder if this is a configuration issue on my end or if I'm misunderstanding the way key-pinning should work.

Comment Defendable (Score 1) 116

Someone correct me if I'm wrong, but if a website uses both SSL and HSTS this attack becomes much more difficult, if not impossible (depending on how your browser handles HSTS), as long as it's not your first time visiting the website. If you have visited the website before and HSTS is enabled on the site, a forged certificate will not work and the victim will not be able to continue. Still scary, but it's just further reason that more sites, even those that don't transmit critical information, should use HTTPS and HSTS.

Submission + - Frontier Teams With AT&T To Block Google Fiber Access To Utility Poles (arstechnica.com)

An anonymous reader writes: Frontier submitted a court filing last week supporting AT&T's efforts to sue local governments in Louisville and Jefferson County, Kentucky to stop a new ordinance designed to give Google Fiber and similar companies access to utility poles. They're concerned the ordinances will spread to other states. Frontier's filing said, "the issues raised by the case may have important implications for Frontier's business and may impact the development of law in jurisdictions throughout the country where Frontier operates." The ordinance in Louisville lets companies like Google Fiber install wires even if AT&T doesn't respond to requests or rejects requests to attach lines. Companies don't have to notify AT&T when they want to move AT&T's wires to make room for their own wires, assuming the work won't cause customer outages. AT&T claims that the ordinance lets competitors "seize AT&T's property." Frontier is urging the court to consider the nationwide implications of upholding Louisville's ordinance, saying Louisville's rule "is unprecedented" because "it drastically expands the rights of third parties to use privately owned utility poles, giving non-owners unfettered access to [a] utility's property without the [...] utility in some cases even having knowledge that such third-party intrusion on its facilities is occurring." Frontier said companies should be required to negotiate access with the owners if they didn't pay to install the utility poles. They urged the court to deny Louisville Metro's motion to dismiss AT&T's complaint.

Submission + - Why Does The IRS Need So Many Guns? (typepad.com)

schwit1 writes: Special agents at the IRS equipped with AR-15 military-style rifles? Health and Human Services “Special Office of Inspector General Agents” being trained by the Army’s Special Forces contractors? The Department of Veterans Affairs arming 3,700 employees?

The number of non-Defense Department federal officers authorized to make arrests and carry firearms (200,000) now exceeds the number of U.S. Marines (182,000).

Submission + - Comodo cancels "Lets Encrypt" trademark application (comodo.com)

An anonymous reader writes: Comodo, who had attempted to register the trademark "Lets Encrypt" in an effort to steal the identity of a non-profit competitor, saw reason after receiving much attention on social media.

Submission + - Due process is under assault in America (washingtonexaminer.com)

An anonymous reader writes: Due process isn’t the sexiest part of the Constitution. It doesn’t get all the attention like the First or Second Amendments. But it is so incredibly important to the foundation of our country that it’s painful to see the hits it’s been taking these past few years.

The latest attempt has been incredibly direct, with Sen. Joe Manchin, D-W.Va., declaring that “due process is what’s killing us right now.” Manchin’s comments came in response to the Orlando terrorist attack that killed 49 people and injured 53 more. Speaking on MSNBC’s “Morning Joe,” Manchin said that due process was keeping legislators from banning those on the Terrorist Watch List from purchasing guns.

“The problem we have, and really the firewall we have right now, is due process,” Manchin said Thursday. “It’s all due process.”

Darn that pesky due process and its constitutional protections!

Manchin is just the latest pol to advocate trampling on Americans’ constitutional rights. On Wednesday, a number of pols told my colleague Joel Gehrke that the presumption of innocence was unnecessary when government seeks to deprive someone of a constitutional right.

Submission + - Worst Mass Shooting in U.S. History (cnn.com) 17

An anonymous reader writes: From CNN:

"Fifty people were killed inside Pulse, a gay nightclub, Orlando Police Chief John Mina and other officials said Sunday morning, just hours after a shooter opened fire in the deadliest mass shooting in U.S. history. At least 53 more people were injured, Mina said. Police have shot and killed the gunman, he told reporters.

The shooter is not from the Orlando area, Mina said. He has been identified as Omar Saddiqui Mateen, 29, of Fort Pierce, about 120 miles southeast of Orlando, two law enforcement officials tell CNN.
Orlando authorities said they consider the violence an act of domestic terror. The FBI is involved. While investigators are exploring all angles, they "have suggestions the individual has leanings towards (Islamic terrorism), but right now we can't say definitely," said Ron Hopper, assistant special agent in charge of the FBI's Orlando bureau."

Submission + - Visual Studio 2015 c++ compiler secretly inserts telemetry code into binaries (infoq.com) 4

edxwelch writes: Reddit user "sammiesdog" discovered recently that the Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries.
"I compiled a simple program with only main(). When looking at the compiled binary in Ida, I see calls for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I can not find documentation for these calls, either on the web or in the options page."
Only after the discovery did Steve Carroll, the dev manager for Visual C++, admit to the feature and post a workaround. The "feature" is to be removed in Update 3 of the product.

Submission + - MS declines to make a 64 bit Visual Studio (uservoice.com) 1

OhPlz writes: A request was made back in 2011 for Microsoft to provide a 64 bit version of Visual Studio to address out-of-memory issues. After sitting on the request for all that time, MS is now declining it stating that it would not be good for performance. It's amazing that with everything MS is attempting to do, their main development product is still living in the past.

Submission + - Microsoft removes the "X" from Windows 10 update leaving no way out 2

simpz writes: The Register reports that Microsoft has changed the Windows 10 update dialog and no longer shows the X close button. They say once agreed to there is no obvious back out method and it is now out of step with Microsoft's own documentation on this. They have a screenshot of this.

Submission + - DoJ wants Apple to decrypt 12 more iPhones (macrumors.com)

tlhIngan writes: The Wall Street Journal (paywalled) is reporting that the Department of Justice is seeking Apple's help in decrypting 12 other iPhones that may contain crime-related evidence. The cases are not identified, though a list of the 12 phones in question has come out, but it is not known what level of Apple assistance is required (i.e., how many of those cases are waiting on the FBI request for special firmware to be developed and to be used on "one more phone"). It appears Tim Cook's assertion that hundreds of requests are waiting on this software may not be a fabrication, and the goal is not about just one phone, but to set a precedent to unlock more phones.

Submission + - Radioactive material stolen in Iraq raises security fears (reuters.com)

mdsolar writes: Iraq is searching for "highly dangerous" radioactive material stolen last year, according to an environment ministry document and seven security, environmental and provincial officials who fear it could be used as a weapon if acquired by Islamic State.

The material, stored in a protective case the size of a laptop computer, went missing in November from a storage facility near the southern city of Basra belonging to U.S. oilfield services company Weatherford WFT.N, the document seen by Reuters showed and officials confirmed.

A spokesman for Iraq's environment ministry said he could not discuss the issue, citing national security concerns.
