
Submission + - HomeKit Would Have Prevented DDOS IoT Botnet

macs4all writes: According to an article in, the security measures built into Apple's HomeKit home-automation protocol would most likely have prevented the wide-scale takeover of IoT devices that enabled the DDoS attack on Dyn.

"To prevent another Mirai attack, or a similar assault harnessing IoT hardware, offending devices might require a recall, Krebs says. Short of that, unplugging an affected product is an [likely the only --ed.] effective stopgap.

By contrast, as detailed in this Security Brief, Apple's HomeKit features built-in end-to-end encryption, protected wireless chip standards, remote access obfuscation and other security measures designed to thwart hacks. Needless to say, it would be relatively difficult to turn a HomeKit MFi device into a DDoS zombie.

Apple uses the Secure Remote Password (3,072-bit) protocol to establish a connection between an iOS device and a HomeKit accessory via Wi-Fi or Bluetooth. Upon first use, keys are exchanged through a procedure that involves entering an 8-digit code provided by the manufacturer into a host iPhone or iPad. Finally, exchanged data is encrypted while the system verifies the accessory's MFi certification.

When an iPhone communicates with a HomeKit accessory, the two devices authenticate each other using the exchanged keys, Station-to-Station protocol and per-session encryption. Further, Apple painstakingly designed a remote control feature called iCloud Remote that allows users to access their accessories when not at home.

Apple's coprocessor is key to HomeKit's high level of security, though the implementation is thought to have delayed the launch of third-party products by months. The security benefits were arguably worth the wait.

At its core, HomeKit is a well-planned and well-executed IoT communications backbone. The accessories only work with properly provisioned devices, are difficult to infiltrate, seamlessly integrate with iPhone and, with iOS 10 and the fourth-generation Apple TV (which acts as a hub), feature rich notifications and controls accessible via Apple's dedicated Home app. And they can't indiscriminately broadcast junk data to the web.

The benefits of HomeKit come at a cost to manufacturers, mainly in incorporating Apple's coprocessor, but the price is undoubtedly less dear than recalling an unfixable finished product."
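The pairing step the brief describes (SRP, an 8-digit setup code typed into the phone, keys derived from that) is easier to reason about with the arithmetic in front of you. The Python below is an added illustration, not code from the article, from Apple or from any HomeKit accessory: it runs one SRP-6a round between a "controller" and an "accessory" and shows why the accessory never stores the setup code itself, only a salt and a verifier, and why a mistyped code fails key confirmation before any session key is used. The group (the 1024-bit MODP modulus of RFC 2409 with generator 2), the identity string, the demo setup code and the function names are assumptions for the example; the article says HomeKit's group is 3,072-bit, and a real implementation would take its parameters from RFC 5054. The Station-to-Station authentication the brief mentions for later sessions is not shown.

```python
import hashlib
import secrets

# Demo group, labelled as such: the 1024-bit MODP modulus of RFC 2409 (group 2)
# with generator 2. The article says HomeKit's SRP group is 3,072-bit; a real
# implementation should take its group from RFC 5054 rather than from here.
N = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
g = 2
N_BYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as a big-endian integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big")


def i2b(n: int) -> bytes:
    """Fixed-width encoding so that hashing A, B and S is unambiguous."""
    return n.to_bytes(N_BYTES, "big")


k = H(i2b(N), i2b(g))  # SRP-6a multiplier parameter


def private_x(salt: bytes, identity: str, setup_code: str) -> int:
    """x = H(salt || H(identity ':' code)); computed on the controller only."""
    inner = hashlib.sha256(f"{identity}:{setup_code}".encode()).digest()
    return H(salt, inner)


def enroll(identity: str, setup_code: str, salt: bytes = b"") -> dict:
    """Accessory-side enrolment: keep salt and verifier v = g^x, never the code."""
    salt = salt or secrets.token_bytes(16)
    v = pow(g, private_x(salt, identity, setup_code), N)
    return {"identity": identity, "salt": salt, "verifier": v}


def pair(record: dict, identity: str, code_entered: str) -> tuple:
    """One SRP pairing round. Returns (accessory_accepts, controller_accepts)."""
    # Controller (the iPhone): ephemeral secret a, public value A = g^a mod N.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    # Accessory: reject A == 0 mod N, which would pin the shared secret to 0.
    if A % N == 0:
        raise ValueError("illegal controller public value")
    # Accessory: ephemeral b, public value B = k*v + g^b mod N (retry on 0).
    while True:
        b = secrets.randbelow(N - 2) + 1
        B = (k * record["verifier"] + pow(g, b, N)) % N
        if B != 0:
            break
    u = H(i2b(A), i2b(B))  # scrambling value, computed by both sides
    # Controller: x from the code the user typed and the salt the accessory sent.
    x = private_x(record["salt"], identity, code_entered)
    s_controller = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Accessory: only the stored verifier is needed; x and the code never leave
    # the controller.
    s_accessory = pow((A * pow(record["verifier"], u, N)) % N, b, N)
    # Key confirmation: each side proves knowledge of S without sending it.
    m1 = H(i2b(A), i2b(B), i2b(s_controller))
    accessory_accepts = m1 == H(i2b(A), i2b(B), i2b(s_accessory))
    if not accessory_accepts:
        return False, False
    m2 = H(i2b(A), i2b(m1), i2b(s_accessory))
    controller_accepts = m2 == H(i2b(A), i2b(m1), i2b(s_controller))
    return accessory_accepts, controller_accepts


if __name__ == "__main__":
    rec = enroll("accessory-demo", "12345678")  # constructed demo setup code
    print("correct code:", pair(rec, "accessory-demo", "12345678"))
    print("wrong code:  ", pair(rec, "accessory-demo", "00000000"))
```

The point to take from the exchange: an attacker who dumps the accessory's storage gets a salt and a verifier, not the setup code, and an attacker on the wire sees only A, B and two hashes; neither lets them impersonate the phone without first brute-forcing the code through the protocol one attempt at a time.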

Submission + - Verizon trying to abandon copper

Caviller writes: An internal letter from Verizon released by the CWA union shows that Verizon does not want to maintain their copper infrastructure. The union says that Verizon is telling techs to replace the user's phone with their VoiceLink service if the problem appears to be in their cable plant. Verizon says that their number one concern is to get their customer's service working again but the memo says otherwise. Is Verizon abandoning copper to push more people to the more profitable wireless service?

Submission + - Verizon workers can now be fired if they fix copper phone lines

Swave An deBwoner writes: Verizon doesn't like providing access to their copper lines to competitors, as required by law. So ...

Verizon has told its field technicians in Pennsylvania that they can be fired if they try to fix broken copper phone lines. Instead, employees must try to replace copper lines with a device that connects to Verizon Wireless’s cell phone network.

Submission + - SPAM: Yahoo! searched users' emails for the Feds

mi writes: Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

Supposedly, this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.


Submission + - Amazon Bans Incentivized Reviews Tied To Free or Discounted Products

An anonymous reader writes: Amazon is making a significant change to its Community Guidelines, announced today, which will eliminate any incentivized reviews, except for those that emerge from within its own Amazon Vine program. This program allows Amazon – not the seller or vendor – to identify trusted reviewers, and has a number of controls in place in order to keep bias out of the review process. Amazon has historically prohibited compensation for reviews – even going so far as to sue those businesses who pay for fake reviews, as well as the individuals who write them, in an effort to make its review and rating system fairer and more helpful to online shoppers. However, it has allowed businesses to offer products to customers in exchange for their “honest” review. The only condition was that those reviewers would have to disclose their affiliation with the business in question in the text of their review. Reviewers were generally offered the product for free or at a discounted price, in exchange for their review. Although, in theory, these reviewers could write their true opinion on the product – positive or negative – these incentivized reviews have tended to be overwhelmingly biased in favor of the product being rated. Amazon says that, going forward, the only incentivized reviews will be those from Amazon Vine. These don’t work the same way, however. For starters, Amazon selects who will be allowed to review products, and it does so mainly to boost the review count on new or pre-release products that haven’t yet generated enough sales to have a large number of organic reviews. Vine reviewers are invited to join the program only after having written a number of reviews voted as “helpful” by other customers, and tend to have expertise in a specific product category. In addition, vendors don’t have any contact with Vine reviewers, nor do they get to influence which reviewers will receive their products, which are submitted directly to Amazon for distribution. 
These changes will apply to all product categories other than books, as Amazon has always allowed advance copies of books to be distributed, the retailer notes.

Submission + - Feds ask local police to scan license plates of cars parked at gun shows

SonicSpike writes: Federal agents have persuaded police officers to scan license plates to gather information about gun-show customers, government emails show, raising questions about how officials monitor constitutionally protected activity.

Emails reviewed by The Wall Street Journal show agents with the Immigration and Customs Enforcement agency crafted a plan in 2010 to use license-plate readers—devices that record the plate numbers of all passing cars—at gun shows in Southern California, including one in Del Mar, not far from the Mexican border.

Agents then compared that information to cars that crossed the border, hoping to find gun smugglers, according to the documents and interviews with law-enforcement officials with knowledge of the operation.

The investigative tactic concerns privacy and guns-rights advocates, who call it an invasion of privacy. The law-enforcement officials say it is an important and legal tool for pursuing dangerous, hard-to-track illegal activity.

There is no indication the gun-show surveillance led to any arrests or investigative leads, but the officials didn’t rule out that such surveillance may have happened elsewhere. The agency has no written policy on its use of license-plate readers and could engage in similar surveillance in the future, they said.

Jay Stanley, a lawyer at the American Civil Liberties Union, said the gun-show surveillance “highlights the problem with mass collection of data.” He said law enforcement can take two entirely legal activities, like buying guns and crossing the border, “and because those two activities in concert fit somebody’s idea of a crime, a person becomes inherently suspicious.”

John Chigos, CEO of PlateSmart Technologies, Inc., which sells license-plate-reader systems, said the devices help protect the public but he called it “an abuse of the technology’’ to target gun-show shoppers.

Comment Re:HDD price milking (Score 2) 161

--With a drive that size (8TB) I hope you are at -least- mirroring it; and if you're not using ZFS or btrfs, you should have several backups *and* checksums on your files. The chances of bitrot and unrecoverable reads on a single spinning disk with that much storage are much greater.
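The "checksums on your files" part of that advice is easy to put into practice even on a filesystem that does not checksum for you. The Python below is an added example, not something from the comment or from any of the tools it names: it builds a SHA-256 manifest of a directory tree, then re-verifies the tree and reports files whose content changed, went missing, or appeared. The `simulate_bitrot` function is a constructed scenario (temporary directory, made-up file contents, one bit flipped by hand) that shows the manifest catching a silent single-bit change that neither size nor a casual look would reveal; the file names and paths in it are assumptions for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files never have to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (as a relative POSIX path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Re-hash the tree and report what no longer matches the stored manifest."""
    current = build_manifest(root)
    return {
        "changed": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "new": sorted(f for f in current if f not in manifest),
    }


def simulate_bitrot() -> dict:
    """Constructed scenario: snapshot two files, flip one bit, re-verify."""
    root = Path(tempfile.mkdtemp(prefix="bitrot-demo-"))
    (root / "photos").mkdir()
    raw = root / "photos" / "holiday.raw"          # assumed file name
    raw.write_bytes(bytes(range(256)) * 64)        # 16 KiB of constructed data
    (root / "notes.txt").write_bytes(b"back me up, twice\n")

    # Take the snapshot and store it *outside* the tree it describes, as you
    # would keep the manifest next to the backups rather than on the same disk.
    manifest_path = root.with_name(root.name + ".manifest.json")
    manifest_path.write_text(json.dumps(build_manifest(root), indent=2))

    # Silent corruption: one bit flips; the file's size does not change.
    data = bytearray(raw.read_bytes())
    data[4096] ^= 0x01
    raw.write_bytes(bytes(data))

    stored = json.loads(manifest_path.read_text())
    return verify_manifest(root, stored)


if __name__ == "__main__":
    print(json.dumps(simulate_bitrot(), indent=2))
```

On a real archive you would run `build_manifest` once after writing the data, keep the JSON with each backup copy, and run `verify_manifest` on a schedule; a non-empty `changed` list on a disk you never wrote to is exactly the unrecoverable-read or bitrot case the comment warns about, and the copy to restore from is whichever backup still matches the manifest.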


Submission + - WikiLeaks cancels Tuesday announcement amid security concerns

SonicSpike writes: WikiLeaks has canceled an unknown announcement it had planned for this week due to security concerns, according to an NBC News reporter.

WikiLeaks founder Julian Assange was scheduled to make an announcement Tuesday from the balcony of London's Ecuadorian Embassy. It was expected to be connected to Democratic presidential nominee Hillary Clinton.

However, NBC News reporter Jesse Rodriguez reported that because of security concerns at the embassy, the event has been canceled. WikiLeaks hasn't said whether the announcement will be rescheduled.

Submission + - Misguided Researcher Releases Linux Ransomware "For Educational Purposes"

An anonymous reader writes: A security researcher has published the wireframe of a ransomware building kit for Linux systems, which he published on GitHub "for educational purposes." This comes just one year after a Turkish security researcher did the same with the Hidden Tear and EDA2 ransomware projects, which crooks used to build 22 different ransomware variants in the past year.

Other security professionals mocked and insulted the researcher for his "retarded idea" [quoting], but a Twitter poll surprisingly showed that there are many people that support the idea of open-sourcing ransomware code. Makes you wonder how many ransomware operators voted "Yes," hoping that more security researchers upload free ransomware code on GitHub.

Comment Re:Not sure you have a lot of options? (Score 1) 222

--You can speed up Win7 updates A LOT just by using WSUS Offline Update. Download once, burn to DVD and update the client PC with that.

--Win7's "official" update process is horribly broken and CPU intensive, to the point where the CPU fan on a laptop I inherited had basically failed due to 100% continuous use.

--Note that you may have to run the WSUS updater on the client multiple times and reboot/repeat, but this is still *much* better than doing it the traditional way. After updating, I'd recommend doing a full bare-metal backup with Veeam or Aomei or the like.

Submission + - SPAM: California Enacts Law Requiring IMDb to Remove Actor Ages on Request

schwit1 writes: California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove – or not post in the first place – an actor’s age or birthday upon request.

The law, which becomes effective January 1, applies to database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or non-publication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories.

The purpose of the law is to prevent age discrimination. How soon will it get struck down for violating free speech?


Submission + - SPAM: Without language teachers, high schools are resorting to Rosetta Stone

schwit1 writes: With just a few weeks to go before the start of school, Madison Area Memorial High School Principal Jessica Ward faced a dilemma: Classes were about to start, and the school didn’t have a foreign language teacher.

She contacted nearby universities and the Department of Education and posted the job online, but no one applied, even as five other open teaching positions were filled.

“It was coming down to the wire and school was starting,” Ward said. “Students were already scheduled for foreign language, and we can’t just not offer it.”

The school district had earmarked money for the position, so the guidance counselor and superintendent started researching other options, ultimately putting the money toward the computer program Rosetta Stone to take the place of a full-time French and Spanish teacher.

The teachers' union better hope this doesn't work too well.


Submission + - macOS Sierra Is Now Available For Download

Dave Knott writes: Apple's latest desktop operating system, macOS Sierra, is now available for download. In addition to the Siri virtual assistant hitting the desktop for the first time, the free update includes features like a universal clipboard, revamped Messages, a storage optimization tool, and Apple Pay on the web.

Submission + - ITT Educational Services to Cease Operations at all ITT Technical Institutes

bsharma writes: ITT Educational Services announced on Tuesday that it is shutting down immediately, accusing the federal government of unfairly stripping it of eligibility for student aid.
The company, which was established nearly 50 years ago, operates ITT Technical Institutes. It has around 40,000 students taking classes on campuses and online throughout the United States.
