
Submission + - Hiding Commands in AAAA DNS Records for Covert Command and Control Channels (sans.edu)

UnderAttack writes: DNS makes for a great command and control channel. Pretty much all systems are able to reach the global DNS infrastructure via recursive name servers. The other advantage of DNS is that any operating system includes tools to perform DNS lookups on the command line. To exfiltrate data, a simple "A" record lookup for a hostname can be used like 4111111111111111.evilexample.com to exfiltrate a credit card number. But to send commands back to the system, many covert channels use "TXT" records, which are much less common and easily detected or blocked.

The script presented here uses a simple bash script to instead encode commands in AAAA records, and use them to send commands back to the compromised systems. AAAA records hold 16 bytes per record, and due to them being displayed in hex, are easily decoded with tools like xxd.

Submission + - Bitcoin Not Money, Rules Miami Judge In Dismissing Laundering Charges (miamiherald.com)

An anonymous reader writes: Bitcoin does not actually qualify as money, a Miami-Dade judge ruled Monday in throwing out criminal charges against a Miami Beach man charged with illegally selling the virtual currency. The defendant, Michell Espinoza, was charged with illegally selling and laundering $1,500 worth of Bitcoins to undercover detectives who told him they wanted to use the money to buy stolen credit-card numbers. But Miami-Dade Circuit Judge Teresa Mary Pooler ruled that Bitcoin was not backed by any government or bank, and was not “tangible wealth” and “cannot be hidden under a mattress like cash and gold bars.” “The court is not an expert in economics, however, it is very clear, even to someone with limited knowledge in the area, the Bitcoin has a long way to go before it the equivalent of money,” Pooler wrote in an eight-page order. The judge also wrote that Florida law – which says someone can be charged with money laundering if they engage in a financial transaction that will “promote” illegal activity – is way too vague to apply to Bitcoin. “This court is unwilling to punish a man for selling his property to another, when his actions fall under a statute that is so vaguely written that even legal professionals have difficulty finding a singular meaning,” she wrote.

Submission + - SPAM: Use Hypnotism to Make Your Kids Behave?

kheldan writes: Apparently someone thinks hypnotizing kids to make them do their homework, chores, and otherwise 'behave' is a good idea. Lisa Machenberg, a professional hypnotist, has been using this on over 1000 kids in the last 23 years. “I hypnotize my children and my husband to do things for my benefit all the time,” she says.

But hypnosis can have serious side effects, including tiredness, crisis of identity, insomnia, irritability, fears, panic attacks, deficit of attention, distorted sense of self, confusion, sexually aberrant behaviors, unexpected trance-like state, delusional thinking, depression, dizziness, syncope, fearfulness, feelings of guilt, histrionic reactions, impaired memory, nausea, obsessions, changes in personality.

Panacea, or child abuse? You be the judge.

Submission + - Pending bill would kill a big H-1B loophole (computerworld.com)

ErichTheRed writes: This isn't perfect, but it is the first attempt I've seen at removing the "body shop" loophole in the H-1B visa system. A bill has been introduced in Congress that would raise the minimum wage for an H-1B holder from $60K to $100K, and place limits on the body shop companies that employ mostly H-1B holders in a pass-through arrangement. Whether it's enough to stop the direct replacement of workers, or whether it will just accelerate offshoring, remains to be seen. But, I think removing the most blatant and most abused loopholes in the rules is a good start.

Submission + - Supreme Court Shuts Down Wiley in International Copyright Case (arstechnica.com)

JustAnotherOldGuy writes: In 2013, the Supreme Court heard Kirtsaeng, a copyright case brought by the publisher Wiley, who argued that legal books became illegal when brought into America, because their copyright licenses were nation-specific. The implications of Wiley's theory were nuts: companies could place arbitrary limits on the use of anything manufactured abroad and use copyright law to enforce them. Thankfully, the Supreme Court rejected Wiley's theory. But that wasn't the end of it. Kirtsaeng's lawyers spent more than $2M on the case, and two courts said that they were not entitled to recover their fees from Wiley — sending the message to future defendants in bogus copyright suits that even if they won, they'd lose.

Submission + - Drug-test the Rich - Not the Poor - to Qualify for Tax Benefits (theguardian.com)

Press2ToContinue writes: "The (tax) benefits we give to poor people are so limited compared to what we give to the top 1%” of taxpayers, Congresswoman Gwen Moore says, “It’s a drop in the bucket.” Many states implement drug-testing programs to qualify for benefit programs so that states feel they are not wasting the value they dole out.

However, seven states who implemented drug testing for tax benefit program recipients spent $1m on drug testing from the inception of their programs through 2014. But the average rate of drug use among those recipients has been far below the national average – around 1% overall, compared with 9.4% in the general population – meaning there’s been little cost savings from the drug testing program. Why? “Probably because they can’t afford it,” says Moore.

“We might really save some money by drug-testing folks on Wall Street, who might have a little cocaine before they get their deal done,” she said, and proposes a bill requiring tests for returns with itemized deductions of more than $150,000.

“We spend $81bn on everything – everything – that you could consider a poverty program,” she explained. But just by taxing capital gains at a lower rate than other income, a bit of the tax code far more likely to benefit the rich than the poor, “that’s a $93bn expenditure. Just capital gains,” she added. Why not drug-test the rich to ensure they won't waste their tax benefits?

She is “sick and tired of the criminalization of poverty”. And, she added: “We’re not going to get rid of the federal deficit by cutting poor people off Snap. But if we are going to drug-test people to reduce the deficit, let’s start on the other end of the income spectrum.”

Submission + - Online Loans Made in China Using Nude Pictures as Collateral

HughPickens.com writes: There is more than one way to get a student loan in China as People's Daily Online reports that many Chinese university students use their nude pictures as IOUs on online lending platforms, putting themselves at risk of having everybody – including their parents – see them naked. Borrowers are also required to upload pictures of their ID cards and report their family information, including their address and cell phone numbers. "The nude photos will be made public if the borrowers fail to repay their debts with interest," an insider was quoted as saying. The credit varies based on the borrower’s education background. Usually an undergraduate student can receive 15,000 yuan ($2,277) in credit, while those studying at famous universities as well as doctorate students can receive even larger loans. Snapshots of threatening collection messages have also gone viral, with a photo of a female borrower and a message reading how the lender would send the photo and her naked video footage to her family members if she could not pay back her 10,000 yuan borrowed on an annual interest rate of 24 percent within a week. “Naked IOUs started long ago. Not only university students but many others also borrowed money with nude pictures,” says an insider surnamed Zhang. Zuo Shenggao from Jingshi Law Firm says that nude photos are actually invalid as collateral in terms of laws. "Nude photos are not property. It is in the category of reputation rights," says Shenggao. "If anyone threatens to publish the photos online, they will violate the clients' reputation. At the same time, they are also spreading pornographic material. Both are illegal and they will commit double offence."

Submission + - Four newly discovered elements receive names - your chance to change them (theverge.com)

Press2ToContinue writes: The proposed names for recently discovered superheavy elements are:

Nihonium and symbol Nh, for the element 113
Moscovium and symbol Mc, for the element 115
Tennessine and symbol Ts, for the element 117
Oganesson and symbol Og, for the element 118

This isn't finalized. Not sure I even like some of these, and maybe you feel the same way. Above are the proposed names that will substitute for the current placeholders (e.g., ununpentium, ununseptium). Nihonium, Moscovium, and Tennessine are all named for places; Oganesson is named for the Russian physicist Yuri Oganessian.

But we have until November to lobby for other names. Here's a chance to go down in history and name an element on the periodic table. How about naming one Elementy McElementface?

Submission + - Windows 10 goes full malware

Iamthecheese writes: Microsoft is adding another chapter to the long and sordid story of its latest OS. As reported by Windows Magazine, closing the upgrade permission window by clicking the familiar red x results in "approval" of the installation. Per this Microsoft support document, "If you click on OK or on the red “X”, you’re all set for the upgrade and there is nothing further to do."

Submission + - Apparently Slashdot Mobile Pushed Malvertising Back In January (softpedia.com)

An anonymous reader writes: Crooks used malicious ads (malvertising) to push a fake Android Marshmallow update to Android users accessing a series of high-profile news sites. The malicious ads were found on the mobile versions of reputable sites such as Slashdot and Android Police, but also on local news sites in France (20 Minutes) and Germany (SPON).

This campaign was unique compared to other mobile malvertising waves because it used a never-seen-before trick which auto-downloaded the fake Android 6.0 upgrade package on the devices without any kind of user interaction.

Submission + - FBI Wants to Exempt Its Massive Biometric Database from Federal Privacy Rules (nextgov.com)

schwit1 writes: The FBI wants to block individuals from knowing if their information is in a massive repository of biometric records, which includes fingerprints and facial scans, if the release of information would "compromise" a law enforcement investigation.

The FBI’s biometric database, known as the “Next Generation Identification System,” gathers a wide scope of information, including palm prints, fingerprints, iris scans, facial and tattoo photographs, and biographies for millions of people.

On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act — legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.

Aside from criminals, suspects and detainees, the system includes data from people fingerprinted for jobs, licenses, military or volunteer service, background checks, security clearances, and naturalization, among other government processes.

Submission + - Ad-blocker blocking websites could be illegal under EU privacy law (theregister.co.uk)

AmiMoJo writes: Websites that detect ad-blockers to stop their users from reading webpages could be illegal under European law. Alexander Hanff, a privacy campaigner and programmer, says he has received a letter from the European Commission confirming that browser-side web scripts that pick out advert blockers access people's personal data (ie: the plugin stored on their computer). Thus, just like you need to give permission to EU websites to access and store your cookies, ad-blocker detectors must ask for permission before probing your browser.
