
Submission + - Cybercrime Economy: The Business Of Hacking

An anonymous reader writes: The profile of typical cyber attackers – and the interconnected nature of their underground economy – have evolved in the last several years. Adversaries are increasingly leveraging management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits. Today’s adversaries often create a formalized operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle.
Government

Developer Of Anonymous Tor Software Dodges FBI, Leaves US (cnn.com) 323

An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying. That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening," she said in an exclusive interview with CNNMoney. Earlier in the month, Tech Dirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter.

Submission + - A critic of H-1B visas offshores 200 IT jobs (computerworld.com)

dcblogs writes: Tribune Publishing Co., a major newspaper chain, is laying off as many as 200 IT employees as it shifts work overseas. The firm, which owns the Los Angeles Times, The Baltimore Sun, Chicago Tribune, Hartford Courant and many other media properties, told IT employees in early April that it's moving work to India-based Tata Consultancy Services. The LA Times has been critical of the use of H-1B visas in offshore outsourcing, in particular the decision by Southern California Edison. The utility hired India-based vendors, including Tata, and then cut some 500 IT jobs. "Information technology workers at Southern California Edison have found themselves in the unhappy position of training their own replacements, thanks to a plan by the utility to outsource their jobs to two India-based staffing companies," the Times wrote in an editorial last year; the editorial focused on the use of H-1B visa workers in offshore outsourcing. IT workers at the Tribune are now training their replacements.

Submission + - Google drops support for SSLv3 and RC4 crypto on Gmail, SMTP servers (helpnetsecurity.com)

LichtSpektren writes: HelpNetSecurity reports: "In less than a month, Google will stop supporting SSLv3 and RC4 on its SMTP and Gmail’s web servers. The end of support is not unexpected, as the Internet giant announced the move last September.

Nor does it come a moment too soon – 'SSLv3 has been obsolete for over 16 years and is so full of known problems that the IETF has decided that it must no longer be used. RC4 is a 28 year old cipher that has done remarkably well, but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used,' noted the Google Apps team.

The cut-off point is June 16, 2016."

Submission + - Criminals Turn Entire ATMs Into Skimmers

An anonymous reader writes: As if withdrawing money from an ATM wasn’t dangerous enough, researchers discovered that the Russian-speaking Skimer group forces ATMs to assist them in stealing users’ money. Instead of installing skimmer devices onto an ATM, they could turn the whole ATM into a skimmer itself. Unlike in cases with a skimmer device, the Skimer malware is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with.
Data Storage

Backblaze Releases Billion-Hour Hard Drive Reliability Report (extremetech.com) 129

jones_supa writes: The storage services provider Backblaze has released its reliability report for Q1/2016 covering cumulative failure rates of mechanical hard disk drives by specific model numbers and by manufacturer. The company noted that as of this quarter, its 60,000 drives have cumulatively spun for over one billion hours (100,000 years). Hitachi Global Storage Technologies (HGST) is the clear leader here, with an annual failure rate of just 1% for three years running. The second position is also taken by a Japanese company: Toshiba. Third place goes to Western Digital (WD), with the company's ratings having improved in the past year. Seagate comes out the worst, though it is suspected that much of that rating was warped by the company's crash-happy 3 TB drive (ST3000DM001). Backblaze notes that 4 TB drives continue to be the sweet spot for building out its storage pods, but that it might move to 6, 8, or 10 TB drives as the price on the hardware comes down.

Submission + - Adobe Patches Flash 0day Exploited In Attacks

An anonymous reader writes: The Adobe Flash Player update announced earlier this week is here, and it fixes more than just the zero-day flaw exploited in attacks in the wild. All in all, the latest update plugs 25 security holes, all of which could lead to remote code execution, i.e. be leveraged to ultimately take over the system running a vulnerable version of Flash Player. No details have been shared about any of the fixed vulnerabilities, so as not to help attackers create exploits for them.

Submission + - Do Users' Perceptions Of Password Security Match Reality? 1

An anonymous reader writes: Think your password is secure? You may need to think again. People’s perceptions of password strength may not always match reality, according to a recent study by CyLab, Carnegie Mellon’s Security and Privacy Institute. Although participants generally had a good understanding of what makes passwords stronger or weaker, they also had some critical misunderstandings of how passwords are attacked and assumed incorrectly that their passwords need to withstand only a small number of guesses.

Submission + - Milagro: A Distributed Cryptosystem For The Cloud (helpnetsecurity.com)

An anonymous reader writes: A new open source project within the Apache Incubator aims to create an alternative to outdated and problematic monolithic trust hierarchies such as commercial certificate authorities. Apache Milagro (incubating) is a distributed cryptosystem for cloud computing. A joint undertaking by MIRACL (formerly Certivox), NTT Innovation Institute, and NTT Labs, it will establish a new internet security framework made of cryptographic service providers called Distributed Trust Authorities, who independently issue shares of keys to application endpoints which have embedded Milagro cryptographic libraries and applications. The project does not aim to replace digital certificates for web server-to-browser authentication, but to offer mutual authentication and key agreement for the Cloud Infrastructure as a Service industry.
Businesses

Wendy's Plans To Automate 6,000 Restaurants With Self-Service Ordering Kiosks (investors.com) 921

An anonymous reader writes: In response to the rising minimum wage, the fast-food chain Wendy's plans to start automating all of its restaurants. The company said it will have self-service ordering kiosks available to its 6,000-plus restaurants in the second half of the year. Wendy's President Todd Penegor said it will be up to franchisees to decide whether or not to adopt the kiosks in their stores, noting that many franchise locations have had to raise prices to offset wage increases. California's decision to gradually raise the minimum wage to $15 by 2022 will impact Wendy's 258 restaurants, all of which are franchise-operated. About 75% of 200-plus Wendy's restaurants are run by franchisees in New York, a state that is also on its way to $15. Penegor said wage pressures have been manageable both because of falling commodity prices and better operating leverage due to an increase in customer counts. The company is still "working so hard to find efficiencies" so it can deliver "a new QSR experience but at traditional QSR prices." The CEO of Carl's Jr., Andy Puzder, is also looking into replacing many of its workers with machines to save money.
The Almighty Buck

Apple Invests $1 Billion In Uber's Chinese Rival Didi (bloomberg.com) 40

An anonymous reader quotes a report from Bloomberg: Apple Inc. invested $1 billion in Chinese ride-sharing service Didi, making one of its biggest bets on software and services and dealing a blow to Uber Technologies Inc.'s ambitions in the country. The iPhone maker will help Uber's largest rival build up a ride-sharing platform that handles more than 11 million rides a day and serves about 300 million users across China, Didi said in a statement on Friday. Executive Officer Tim Cook has highlighted higher-margin services as a growth area and suggested he would use some of its $200 billion-plus cash hoard for investments. The investment in one of China's largest online companies will allow Apple to forge alliances in its single largest market outside of the United States. Didi, incorporated as Xiaoju Kuaizhi Inc., is in the process of raising more than $2 billion at a valuation of about $25 billion, people familiar with the matter have said. It operates in 400 Chinese cities and works with more than 14 million Chinese car owners. The company is Uber's most potent rival and has formed an international coalition with Lyft Inc. in the U.S., India's Ola and Southeast Asia's Grab to fight the globally expanding San Francisco firm. Apple is hoping to reinvigorate lackluster iPhone sales in China with its $1 billion investment in Didi. The last big investment the company made was when it acquired Beats for $3 billion in 2014.

Submission + - Dutch minister refuses to stop using private mail for government business (www.nu.nl)

Melkman writes: Despite being a victim of phishing, the Dutch minister of economic affairs, Henk Kamp, will not stop using his private mail for government business. Even after being warned that this is against regulations, Kamp said he will continue with this practice because "It's just easier for me, and that's the way it is". Aside from being insecure, the messages in private accounts are exempt from WOB requests, the Dutch equivalent of FOIA.

Submission + - Apple Backs Didi With $1 Billion In Blow To Uber China Ambitions (bloomberg.com)

An anonymous reader writes: Apple Inc. invested $1 billion in Chinese ride-sharing service Didi, making one of its biggest bets on software and services and dealing a blow to Uber Technologies Inc.’s ambitions in the country. The iPhone maker will help Uber’s largest rival build up a ride-sharing platform that handles more than 11 million rides a day and serves about 300 million users across China, Didi said in a statement on Friday. Executive Officer Tim Cook has highlighted higher-margin services as a growth area and suggested he would use some of its $200 billion-plus cash hoard for investments. The investment in one of China’s largest online companies will allow Apple to forge alliances in its single largest market outside of the United States. Didi, incorporated as Xiaoju Kuaizhi Inc., is in the process of raising more than $2 billion at a valuation of about $25 billion, people familiar with the matter have said. It operates in 400 Chinese cities and works with more than 14 million Chinese car owners. The company is Uber’s most potent rival and has formed an international coalition with Lyft Inc. in the U.S., India’s Ola and Southeast Asia’s Grab to fight the globally expanding San Francisco firm.
Censorship

Mark Zuckerberg: 'No Evidence' Facebook Staff Suppressed Stories With Conservative Viewpoints (theverge.com) 346

An anonymous reader quotes a report from The Verge: Mark Zuckerberg has issued a statement in response to the controversy alleging that Facebook staff intentionally prevented stories with a conservative viewpoint from appearing in the site's Trending Topics section. "We take this report very seriously and are conducting a full investigation to ensure our teams upheld the integrity of this product," Zuckerberg writes on Facebook. "We have found no evidence that this report is true. If we find anything against our principles, you have my commitment that we will take additional steps to address it." Zuckerberg says he will invite "leading conservatives and people from across the political spectrum" to discuss the matter in the coming weeks, with the aim of having a "direct conversation about what Facebook stands for and how we can be sure our platform stays as open as possible." Earlier today, more evidence surfaced to support Gawker's two recent reports that claimed editors manipulate the trending news. Facebook published a blog post explaining how Trending Topics on its platform works, insisting there's no discrimination against sources of any political origin.
