Submission + - Researchers Watched 100 Hours of Hackers Hacking Honeypot Computers (techcrunch.com)

An anonymous reader writes: Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around. Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers’ identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate “tens of events” alone.

The “Rangers,” according to the two, carefully explored the hacked computers, doing reconnaissance, sometimes changing passwords, and mostly leaving it at that. “Our hypothesis is that they are evaluating the system they compromised so that another profile of attacker can come back later,” the researchers wrote in a blog post published on Wednesday to accompany their talk. The “Barbarians” use the compromised honeypot computers to try and bruteforce into other computers using known lists of hacked usernames and passwords, sometimes using tools such as Masscan, a legitimate tool that allows users to port-scan the whole internet, according to the researchers. The “Wizards” use the honeypot as a platform to connect to other computers in an attempt to hide their trails and the actual origin of their attacks. According to what Bergeron and Bilodeau wrote in their blog post, defensive teams can gather threat intelligence on these hackers, and “reach deeper into compromised infrastructure.”

According to Bergeron and Bilodeau, the “Thieves” have the clear goal of monetizing their access to these honeypots. They may do that by installing crypto miners, programs to perform click fraud or generate fake traffic to websites they control, and selling access to the honeypot itself to other hackers. Finally, the “Bards” are hackers with very little or almost no skills. These hackers used the honeypots to use Google to search for malware, and even watch porn. These hackers sometimes used cell phones instead of desktop or laptop computers to connect to the honeypots. Bergeron and Bilodeau said they believe this type of hacker sometimes uses the compromised computers to download porn, something that may be banned or censored in their country of origin. In one case, a hacker “was downloading the porn and sending it to himself via Telegram. So basically circumventing a country-level ban on porn,” Bilodeau told TechCrunch. “What I think [the hacker] does with this then is download it in an internet cafe, using Telegram, and then he can put it on USB keys, and he can sell it.”

Submission + - Popular Open-Source Project Moq Criticized For Quietly Collecting Data (bleepingcomputer.com)

An anonymous reader writes: Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime. [...] Last week, one of Moq's owners, Daniel Cazzulino (kzu), who also maintains the SponsorLink project, added SponsorLink to Moq versions 4.20.0 and above. This move sent shock waves across the open source ecosystem largely for two reasons—while Cazzulino has every right to change his project Moq, he did not notify the user base prior to bundling the dependency, and SponsorLink DLLs contain obfuscated code, making it hard to reverse engineer, and not quite "open source."

"It seems that starting from version 4.20, SponsorLink is included," Germany-based software developer Georg Dangl reported referring to Moq's 4.20.0 release. "This is a closed-source project, provided as a DLL with obfuscated code, which seems to at least scan local data (git config?) and sends the hashed email of the current developer to a cloud service." The scanning capability is part of the .NET analyzer tool that runs during the build process, and is hard to disable, warns Dangl. "I can understand the reasoning behind it, but this is honestly pretty scary from a privacy standpoint."

SponsorLink describes itself as a means to integrate GitHub Sponsors into your libraries so that "users can be properly linked to their sponsorship to unlock features or simply get the recognition they deserve for supporting your project." GitHub user Mike (d0pare) decompiled the DLLs, and shared a rough reconstruction of the source code. The library, according to the analyst, "spawns external git process to get your email." It then calculates a SHA-256 hash of the email addresses and sends it to SponsorLink's CDN: hxxps://cdn.devlooped[.]com/sponsorlink. "Honestly Microsoft should blacklist this package working with the NuGet providers," writes Austin-based developer Travis Taylor. "The author can't be trusted. This was an incredibly stupid move that's just created a ton of work for lots of people."

Submission + - Intel's GPU Drivers Now Collect Telemetry, Including 'How You Use Your Computer' (extremetech.com)

An anonymous reader writes: Intel has introduced a telemetry collection service by default in the latest beta driver for its Arc GPUs. You can opt out of it, but we all know most people just click "yes" to everything during a software installation. Intel's release notes for the drivers don't mention this change to how its drivers work, which is a curious omission. News of Intel adding telemetry collection to its drivers is a significant change to how its GPU drivers work. Intel has even given this new collation routine a cute name—the Intel Computing Improvement Program. Gee, that sounds pretty wonderful. We want to improve our computing, so let's dive into the details briefly.

According to TechPowerUp, which discovered the change, Intel has created a landing page for the program that explains what is collected and what isn't. At a high level, it states, "This program uses information about your computer's performance to make product improvements that may benefit you in the future." Though that sounds innocuous, Intel provides a long list of the types of data it collects, many unrelated to your computer's performance. Those include the types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites. It also collects information on "how you use your computer" but offers no details. It will also identify "Other devices in your computing environment." Numerous performance-related data points are also captured, such as your CPU model, display resolution, how much memory you have, and, oddly, your laptop's average battery life. Though this sounds like an egregious overreach regarding the type of data captured, to be fair to Intel, it allows you to opt out of this program.

Submission + - Hacker spoofs track plays to top music charts (scmagazine.com.au)

mask.of.sanity writes: Stand aside P!nk, Nicki Minaj; you've just been beaten by a music generator. One Aussie security expert curious about the fraud mechanisms at play on streaming services like Spotify uploaded garbage music tracks and directed three Amazon virtual machines to click the play button 24/7 for a month, earning him top spot in online music charts and $1000 in royalties.

Submission + - Artificial blood made in Romania (dailymail.co.uk)

calinduca writes: Artificial blood that could one day be used in humans without side effects has been created by scientists in Romania. The blood contains water and salts along with a protein known as hemerythrin which is extracted from sea worms. Researchers from Babeș-Bolyai University in Cluj-Napoca, Romania, hope it could help end blood supply shortages and prevent infections through donations.

Submission + - Stiff Resistance to State Technology Taxes (pewstates.org)

SonicSpike writes: As the nation moves from a tangible goods-based economy to a service-based economy, a few states are trying to keep revenues robust by taxing technological services such as software upgrades and cloud computing. But a backlash from the high-tech industry has quashed most efforts.

As a result, the U.S. has a patchwork quilt of state taxes on technological services. Some states that have tried to impose such taxes have failed spectacularly, and most have not tried at all.

According to the Tax Foundation, a nonpartisan think tank that studies taxes, only 10 states (Connecticut, New Mexico, Hawaii, South Dakota, Mississippi, Missouri, Nebraska, Tennessee, Texas and West Virginia) and the District of Columbia tax all writing or updating of software. Only New Mexico, Hawaii and South Dakota levy their general sales taxes on all software services.

States with sales taxes do, however, levy those taxes on software that is sold on CDs or other hard storage materials. About half the states also tax “canned” (non-altered) software that can be downloaded, according to the Tax Foundation.

Elia Peterson, an analyst with the foundation, said in a recent paper that states are reluctant to tax computer services in large part because it “is an especially mobile industry and could easily move to a lower tax state.”

Feed Techdirt: Keith Alexander, On Stage While Story Of NSA Infiltrations Breaks, Tries To Misl (google.com)

In an interesting bit of timing, just as the Washington Post was breaking the news that the NSA had infiltrated Google and Yahoo's cloud data by hacking into the (stupidly) unencrypted data links between data centers, it turned out that NSA boss Keith Alexander was on stage at a Bloomberg Government Cybersecurity conference. He was asked about the report, and he tried to tap dance around it by claiming the NSA doesn't have access to Yahoo and Google's servers. The Guardian has a brief summary:

Alexander, asked about the Post report, denied it. "Not to my knowledge, that's never happened," the NSA director said, before reiterating an earlier denial Prism gave the NSA direct access to the servers of its internet service provider partners.

"Everything we do with those companies that work with us, they are compelled to work with us," Alexander said. "These are specific requirements that come from a court order. This is not the NSA breaking into any databases. It would be illegal for us to do that. So I don't know what the report is, but I can tell you factually: we do not have access to Google servers, Yahoo servers, dot-dot-dot. We go through a court order."
But, of course, in typical Alexander fashion, he's choosing his words carefully -- and thankfully people can more easily see through it at this point, since they're getting so used to it. The report didn't say they were accessing those companies' servers or databases, but rather hacking into the network connection between their data centers. That's like a report breaking of the NSA hijacking armored cars with cash, and Alexander claiming "we didn't break into the bank." Nice try.

Submission + - Microsoft Research Uses Kinect To Translate Between Spoken And Sign Languages

An anonymous reader writes: Microsoft’s Kinect is a wonderful piece of technology that seems to know no bounds. Microsoft Research is now using it to bridge the gap between folks who don’t speak the same language, whether they can hear or not. The Kinect Sign Language Translator is a research prototype that can translate sign language into spoken language and vice versa. The best part? It does it all in real time.
