HomeKit Would Have Prevented DDOS IoT Botnet

macs4all writes: According to an Article in, the security measures built into Apple's HomeKit home-automation protocol would most likely have prevented the wide-scale takeover of IoT devices that enabled the DDOS attack on Dyn.

"To prevent another Mirai attack, or a similar assault harnessing IoT hardware, offending devices might require a recall, Krebs says. Short of that, unplugging an affected product is an [likely the only --ed.] effective stopgap.

By contrast, as detailed in this Security Brief, Apple's HomeKit features built-in end-to-end encryption, protected wireless chip standards, remote access obfuscation and other security measures designed to thwart hacks. Needless to say, it would be relatively difficult to turn a HomeKit MFi device into a DDoS zombie.

Apple uses the Secure Remote Password (3,072-bit) protocol to establish a connection between an iOS device and a HomeKit accessory via Wi-Fi or Bluetooth. Upon first use, keys are exchanged through a procedure that involves entering an 8-digit code provided by the manufacturer into a host iPhone or iPad. Finally, exchanged data is encrypted while the system verifies the accessory's MFi certification.

When an iPhone communicates with a HomeKit accessory, the two devices authenticate each other using the exchanged keys, Station-to-Station protocol and per-session encryption. Further, Apple painstakingly designed a remote control feature called iCloud Remote that allows users to access their accessories when not at home.

Apple's coprocessor is key to HomeKit's high level of security, though the implementation is thought to have delayed the launch of third-party products by months. The security benefits were arguably worth the wait.

At its core, HomeKit is a well-planned and well-executed IoT communications backbone. The accessories only work with properly provisioned devices, are difficult to infiltrate, seamlessly integrate with iPhone and, with iOS 10 and the fourth-generation Apple TV (which acts as a hub), feature rich notifications and controls accessible via Apple's dedicated Home app. And they can't indiscriminately broadcast junk data to the web.

The benefits of HomeKit come at cost to manufacturers, mainly in incorporating Apple's coprocessor, but the price is undoubtedly less dear than recalling an unfixable finished product."

Comment Re:"Gay Culture" is blind devotion then? (Score 1) 621

If I was gay I might be a little scared of Trump, but I'd be fucking terrified of Mike Pence.

What exactly do you think Mike Pence could or would do that would be reasonable grounds to be "terrified"?

Do you think he might do something as outrageous as George W. Bush? You know, the US President that spent billions of dollars fighting AIDS in Africa? (As opposed to Bill Clinton that signed DOMA, the Defense of Marriage Act.)

Unless you have something quite specific that seems to be at best a highly exaggerated response to any policy he would be likely to support let alone get through Congress. At worst it is a groundless smear.

Comment Re:Fascinating .... (Score 1) 313

I think it goes without saying that Ecuador controls their own embassy. The question is, why such a major change in direction RIGHT NOW, essentially "turning on a dime."

I heard speculation that someone was threatening to either call in some big loans to Ecuador, or call their bonds unless they unplugged Assange. That sort of raw political pressure might explain the sudden turn by Ecuador. Hillary has some very rich friends and backers.

Where Has Hillary Clinton Been? Ask the Ultrarich

Comment Re:The Goldman talks... (Score 3, Insightful) 313

So what does defending bragging about sexual assault say about the Trump campaign?

Good question. I've got a better one: What does actually raping women, silencing them through intimidation, plotting with campaign staff to attack them in the media, and coordinating with members of the media to silence, harass, and discredit those rape victims say about the Clintons and their campaign? (And that was going on for decades.) And what about Bill's many trips to pedophile island?

As bad as Trump is, the Clintons are worse. Of course the Clintons are "Progressives" so it's all good, right?

Comment Re:Droning justification [Re:I'm just surprised... (Score 1) 313

That "material support" argument was made at Bradley Manning's trial and was not allowed, so legally that isn't going to cut it. I'm not sure that is or should be the final word, but there it is.

As to that "making videos and speeches" line .... I assume you're referring to Anwar al-Awlaki? If so you considerably understate his role. Were the propagandists of the Soviet Communists, Italian Fascists, and German National Socialists unconnected to their crimes and aggression? al-Awlaki was more than just a propagandist, he was a recruiter, operational planner, and more.

Anwar al-Awlaki: Drone kills US-born preacher who inspired lone wolf terrorists

One official said Awlaki was involved in the printer bomb packages found at East Midlands airport last year.

The Yemeni outfit had developed bombs that contained no metal and were so hard to detect that police missed the material on first inspection.

To distract police, Awlaki put a copy of Great Expectations in the packages. His fingerprints were found on the book.


Something unique and (in some way) unprecedented happened earlier today. The start of the invasion of Mosul, a city held by ISIS in Iraq, was live-streamed on Facebook and YouTube, and thousands of people around the world watched it. There were several streams that got popular, but one shared by Kurdish outlet Rudaw was getting the most traction -- it was re-posted by major outlets like the Washington Post and Channel 4 in the United Kingdom. Motherboard adds: While some viewers commented on the merits of the offensive, for others, the livestream itself was the most startling thing. As angry cartoon faces and "Wow!" emoticons floated over top of live images of war, viewers noted that it all seemed like a bit too much like a sci-fi fever dream about a war-obsessed culture. For most English-language viewers watching these streams, there was no explanation, no given context, no subtitles or translation -- merely images of a mostly-barren foreign landscape peppered with men and trucks, idling and standing around, sparsely punctuated by violence. But in 2016, decades after Lessons of Darkness was completed and on social media instead of in a darkened arthouse theatre, the void spits out something other than deep, metaphysical understanding about human nature. Instead, in the comments, people ask for money. They talk about porn. They quote Green Day lyrics. They call people "cucks." To be fair, however, not everyone reacted this way. But a lot of people did. "There's journalistic value in the livestream,"

Comment Re:Droning justification [Re:I'm just surprised... (Score 1) 313

Re droning him, I'm curious, what the rules of engagement are? He's a fugitive on the run, and arguably a national security threat. Suppose he was droned down . . .

Not going to happen. The only people the US deliberately attacks and kills with drones are members or affiliates of terrorist groups like al Qaida and ISIS. For all of his faults, Assange isn't a terrorist or affiliated with terrorists.

Comment Re:So Assange has overstayed his welcome. (Score 5, Insightful) 313

No, Ecuador could do it. It might look something like this:

Assange: Hello Mr. Ambassador, a pleasure to see you again.
Amb Ortiz: Hello Julian, let me come straight to the point - you can no longer use the internet connection in the embassy. The Foreign Minister has made this decision under difficult circumstances. We are doing this so that we can continue to provide you asylum from Sweden and Britain.
Assange: But Mr. Ambassador!
Amb Ortiz: No buts, Julian. No more use of the embassy internet or we will show you the door, and put you outside.
Assange: I understand Mr. Ambassador. What if I can make other arrangements?
Amb Ortiz: That is your affair, as long as it does not make use of the embassy facilities.
Assange: Thank you, Mr. Ambassador for your continued hospitality.

Comment Fascinating .... (Score 2) 313

I wonder who had enough "juice" to make this happen?

Ecuador has been very willing to poke Sweden, Europe, and the US in the eye over Assange for years. So, why now?

Did Wall Street firms make some threats about investment?
Did the Clinton campaign threaten vengeance when Hillary is selected as president?
Did the US State Department make some threats to cover for Hillary?
Did the CIA threaten tit for tat against Ecuador as part of rumored actions against Russia?
Are foreign donors to the Clinton Foundation leaning on Ecuador to stop Assange from exposing them?
Is the Obama administration threatening military action over the claimed interference in the US election?
Is the media threatening reports on Ecuador? Or is someone threatening to leak to the media about them?
Are there some lucrative deals Ecuador's elites have going that are in danger?

The possibilities seem almost endless. Whoever it was must have the ability to make a substantial threat, big enough for Ecuador to fold like a cheap deck chair.

But who was it?

Submission + - SPAM: Hillary Clinton's paid trolls

mi writes: Taking a page from the book of Vladimir Putin, whom her campaign would like to be seen as backing her opponent, Hillary Clinton is relying on paid "trolls" to respond to negative news about her.

The SuperPAC "Correct the Record", which is affiliated with her campaign, acknowledged in an April press release that it was spending $1 million on project “Breaking Barriers” to pay people to respond to negative information about Clinton on social media sites like Facebook, Reddit, Instagram and Twitter. That amount has since increased to over $6 million. The trolls create a false impression that Clinton has more support than she really does, because one supporter will frequently create multiple anonymous accounts.

I for one sure am glad, Slashdot is not on the above list — and that all Hillary supporters we see here are genuine and sincere.

Yahoo Disables Automatic Email Forwarding Feature, Making It Difficult For Users To Leave

After it was revealed that Yahoo secretly scanned customer emails for U.S. intelligence agencies, now's as good a time as any to leave Yahoo Mail. However, the company has made it more difficult to leave by disabling the automatic email forwarding feature. Reuters reports: While those who have set up forwarding in the past are unaffected, users who would want to leave following recent hacking and surveillance revelations are struggling to shift to rival services, the AP reported on Monday. The company has been under scrutiny from investors after disclosing last month that at least 500 million user accounts were stolen from its network in 2014. The AP said that several users were leaving or had already left the service because of the negative headlines. The company's website says that the "automatic email forwarding" feature is under development and has been temporarily disabled.

New York To Test Facial Recognition Cameras At 'Crossing Points'

An anonymous reader quotes a report from Vocativ: In a 35-minute speech detailing a landmark $100 billion investment into state infrastructure, largely focused on New York City and Long Island, Governor Andrew Cuomo made a number of promises that would thrill New Yorkers, like the promise of a renovated Penn Station, called Penn-Farley, a direct train from there to LaGuardia Airport, and the completion of the long-awaited Second Avenue Line. Oh, and facial recognition cameras around the city, he said: "At each crossing, and at structurally sensitive points on bridges and tunnels, advanced cameras and sensors will be installed to read license plates and test emerging facial recognition software and equipment." "We're going to be using this in Penn-Farley and we also want to be testing it in bridges and crossings system," he added. On the matter of facial recognition cameras, Cuomo was shy on details. It's unclear how many cameras will be deployed, which agencies will have access to them, what defines a crossing, how citizens' photos will be stored, and what photo databases will be used to compare against the faces of the millions of people who drive into the city. In his speech, Cuomo referenced the cameras as necessary for New York to adapt to 21st century security threats. "In this age of terrorist activity and lone wolves, if you look at points of vulnerability you'll go to our tunnels and to our bridges. So really they have to be reimagined for a new reality," he said.

Tech Billionaires Are Asking Scientists For Help To Break Humans Out of Computer Simulation

Many believe that we live in a computer simulation. But it takes a billionaire and his money to ask scientists to help break us out of the simulation. The New Yorker recently did a profile about Y Combinator's Sam Altman. In the story, Altman discusses his theories about being controlled by technology and delves into the simulation theory. From an article on The New Yorker: Many people in Silicon Valley have become obsessed with the simulation hypothesis, the argument that what we experience as reality is in fact fabricated in a computer; two tech billionaires have gone so far as to secretly engage scientists to work on breaking us out of the simulation. Business Insider adds: The piece doesn't give any clue as to who those two billionaires are -- although it's easy to hazard a few guesses at who they might be, like Musk himself or Altman's friend Peter Thiel -- but it's fascinating to see how seriously people are taking this theory. According to Musk, it's the most popular topic of conversation right now. Earlier this year, at Code Conference, Elon Musk said there's "one in billions" chance we're not living in a computer simulation.

