Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Switzerland Votes For Legal State Surveillance In Referendum

Mickeycaskill writes: Secret service agents are able to legally hack computers in Switzerland after the country voted for a law that allowed them to do so in order to prevent terrorist attacks.

Switzerland practices ‘direct democracy’, a model which allows citizens to propose a referendum to be held on any law.

Two thirds of voters came out in favour of the law despite critics warnings that it could lead to arbitrary surveillance. It is likely this was galvanized by the spate of terrorist attacks that have occurred in Europe this year.

“It gives Switzerland modern tools to respond to current threats,” Defence Minister Guy Parmelin said.

Comment Re:Control and management (Score 2) 75

Pretty much this, and given how bad many IoT devices are, even if you do change the passwords, etc., it's safer to just assume that they already have been compromised, or that they will be. Since we're talking retrospectively here, set up some connection logging on your outbound router. See if there's anything in the logs that's not what you were expecting, bearing in mind that they'll almost certainly be phoning home to "check for updates" and "backup your data to the cloud" (AKA "monetize your data"). Done. A better approach would have been to be more proactive (because the typical SoHo router vendor sure as hell won't be); as a minimum lock down anything you don't need, put all the IoT type devices on a dedicated network away from the stuff that matters, and configure the router to send an alert when anything anomalous happens. Bonus points for things like implementing BCP38 locally so even when you are compromised at least tried to minimise the damage, enabling syslog and actually monitoring the output, and other basic security principles.

Submission + - Ask Slashtot: How to determine if your IOT device is part of a botnet? 1

galgon writes: There has been a number of stories of IoT devices becoming part of
Botnets and being used in DDOS Attacks. If these devices are seemingly working correctly to the user how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?

Submission + - New formula massively reduces prime number memory requirements.

grcumb writes: Peruvian mathematician Harald Helfgott made his mark on the history of mathematics by solving Goldbach's Weak Conjecture, which every odd number greater than 5 can be expressed as the sum of three prime numbers. Now, according to Scientific American, he's found a better solution to the Sieve of Erasthones:

In order to determine with this sieve all primes between 1 and 100, for example, one has to write down the list of numbers in numerical order and start crossing them out in a certain order: first, the multiples of 2 (except the 2); then, the multiples of 3, except the 3; and so on, starting by the next number that had not been crossed out. The numbers that survive this procedure will be the primes. The method can be formulated as an algorithm.

But now, Helfgott has found a method to drastically reduce the amount of RAM required to run the algorithm:

Helfgott was able to modify the sieve of Eratosthenes to work with less physical memory space. In mathematical terms: instead of needing a space N, now it is enough to have the cube root of N.

So what will be the impact of this? Will we see cheaper, lower-power encryption devices? Or maybe quicker cracking times in brute force attacks?

Comment Re:I wonder how well.. (Score 4, Interesting) 117

I can't see Brian Krebs moving to Cloudflare under any circumstances. He's lain into them far too many times, and will likely continue to do so, over their support of various cybercrime operations like the vDOS stressor that his exposure of - and arrest of two suspects - likely lead to someone launching the DDoS that took him off line earlier this week. As Krebs sees it, Cloudflare are a major part of the problem and their activities are highly questionable since they directly benefit from people seeking protection from the very services Cloudflare are helping stay in operation; it just makes it easier to keep the moral highground if he's hosted elsewhere. Cloudflare's view is that because they are not actually hosting the sites themselves, just hosting a reverse proxy that redirects traffic to them, they are on firm legal ground and are doing nothing wrong.

Something to think about, if you're in the market for DDoS protection...

Submission + - California Enacts Law Requiring IMDb to Remove Actor Ages on Request (hollywoodreporter.com)

schwit1 writes: California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove – or not post in the first place – an actor’s age or birthday upon request.

The law, which becomes effective January 1, applies to database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or non-publication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories.

The purpose of the law is to prevent age discrimination. How soon will it get struck down for violating free speech?

Comment Re:Not sure you have a lot of options? (Score 1) 192

Then you're doing it wrong. You need to either, 1) slipsteam your install media with all the patches and do your build(s) that way, or 2) disconnect the network, install from SP1 media, reboot, then install the "Convenience Update" (KB3125574) (AKA SP2, released in April), reboot again, then connect it up and let it get the remaining post-April updates. Both approaches are far from perfect, and still have the odd glitch, but they are a lot more efficient than letting an new SP1 install try to patch itself.

Still not even remotely close to the efficiency of Linux's approach of an integrated download of any updated packages during the install, then a single reboot though...

Submission + - Brian Krebs is back online, with Google Cloud Hosting (krebsonsecurity.com)

Gumbercules!! writes: After the massive 600mbps DDOS on http://krebsonsecurity.com/ last week that forced Akamai to withdraw the (pro-bono) DDOS protection they offered the site, krebsonsecurity.com is now back online, hosted by Google.

Following Brian Krebs breaking an article on vDOS (https://developers.slashdot.org/story/16/09/08/2050238/israeli-ddos-provider-vdos-earned-600000-in-two-years), leading to the arrest of the two founders, his site was hit with a record breaking DDOS. It will certainly be an interesting test of Google's ability to provide DDOS protection to clients.

Submission + - Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs (theregister.co.uk)

An anonymous reader writes: A fresh update for Capcom's Street Fighter V for PCs includes a knock-out move: a secret rootkit that gives any installed application kernel-level privileges.

This means any malicious software on the system can poke a dodgy driver installed by SFV to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking the high-def beat 'em up to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor. Gamers realized something was a little off when the upgrade brought in a new driver and demanded operating-system-grade access to the computer before the game starts. A number of players say they couldn't even get the new version to work at all. A full-blown online meltdown ensued.

Comment Re:Could this be FUD? (Score 1) 43

Most people don't get an unfiltered email feed any more; your ISP or webmail provider will be rejecting or dumping a lot of the more obvious junk long before it even comes close your spam folder, let alone your inbox, so unless you are running your own mail server and can see all the inbound email unfiltered and are monitoring SMTP rejects it's much harder to tell. Cisco Talos is essentially going to be using the SpamCop feed and traps to make their assessments, so they have access to a *lot* of "raw" SMTP traffic on which to base their judgement. I only run a relatively small number of spam traps to get some spam for teaching Bayes because my MTA level filtering blocks out upwards of 90% of the crap before it even gets to SpamAssassin so there's a larger margin of error and not the >100% rise Talos is seeing, but even so I'm seeing a sharp uptick in volume and a lot more port scanning for SMTP servers than has been the case for quite some time.

Submission + - Microsoft Patents AI To Monitor All Actions In Windows And Feed It To Bing (hothardware.com) 1

MojoKid writes: Microsoft has angered users over the past year for its willingness to push the boundaries of acceptable practice for promoting adoption of its operating system. Also, some feel it crossed that line with respect to user data collection and privacy concerns. However, Microsoft stands to garner a lot more criticism if its recent patent filing comes to life in a production software product. The title of the filing is "Query Formulation Via Task Continuum" and it aims to make it easier for apps to share data in real-time so that the user can perform better searches. Microsoft feels that the current software model in which applications are self-contained within their own silos potentially slows the user down. To combat this disconnect, Microsoft has devised a way to facilitate better communications between apps through the use of what it calls a "mediation component." This is Microsoft's all-seeing-eye that monitors all input within apps to decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the mediator and processed. So when the user goes to the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query. Microsoft says that this will provide faster, more relevant searchers to users. The company says the mediator can be introduced as an optional module that can be installed in an operating system or directly built in. If it's the latter, plenty of people will likely be looking for a kill switch.

Comment Re:Trump & spam (Score 2) 43

I'm sure there's a lot of election related phishing out there too, and I've got lots of examples of that too, but as I noted all of this is pointed entirely at genuine Trump/GOP domains with a few MSM ones thrown in for citations; it's almost certainly genuine campaign spam from Trump or one of his supporters acting (possibly independently) on his behalf - there are no dodgy domains at all (unless you want to count Fox News), including in the mail headers, which are from a legit ESP. They're also hitting spamtraps that go back years (some were only ever seeded on Usenet over a decade ago) so either someone in Trump's campaign, officially or otherwise, has been buying really low quality mailing lists, or someone has fed them a bunch of email addresses from them.

Comment Trump & spam (Score 2) 43

Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

Can't say I'm at all surprised by that. I've been getting a steady stream of what appear to be genuine emails from the Trump campaign (all the links are to legit Trump and GOP domains, plus a few MSM ones) asking for donations for a few weeks now. There's a whole bunch of problems with that, other than it being UBE - I'm a British citizen so I don't think Trump can legally accept my donation anyway; several of the domains involved are within the .uk ccTLD; and the addresses concerned are all (and always have been) spam traps. And yes, I have been forwarding them all to the FEC.

Seriously, Donald, if you're going to let your campaign team buy email lists from who-knows-where and spam the shit out of them, they could at least do some basic list washing first - it's starting to look like Hillary isn't the only one with an incompetent email admin team...

Submission + - Obama used a pseudonym in emails with Clinton, FBI documents reveal (politico.com)

schwit1 writes: President Barack Obama used a pseudonym in email communications with Hillary Clinton and others, according to FBI records made public Friday. The disclosure came as the FBI released its second batch of documents from its investigation into Clinton’s private email server during her tenure as secretary of state.

The 189 pages the bureau released includes interviews with some of Clinton’s closest aides, such as Huma Abedin and Cheryl Mills; senior State Department officials; and even Marcel Lazar, better known as the Romanian hacker “Guccifer.”

In an April 5, 2016 interview with the FBI, Abedin was shown an email exchange between Clinton and Obama, but the longtime Clinton aide did not recognize the name of the sender.

"Once informed that the sender's name is believed to be pseudonym used by the president, Abedin exclaimed: 'How is this not classified?'" the report says. "Abedin then expressed her amazement at the president's use of a pseudonym and asked if she could have a copy of the email."

Submission + - Scientists Demonstrate Long Distance Quantum Communication (eweek.com)

An anonymous reader writes: Scientists have shown that some subatomic particles exhibit quantum entanglement, which potentially enables unhackable communications that may be able to travel faster than the speed of light. The theory of quantum entanglement has been around for over half a century, but until recently this very strange property of some subatomic particles has been difficult to prove. Now experiments are showing it's a very real phenomenon.

Quantum entanglement is a property that allows those particles to share characteristics, so that when they're put into close proximity, they become indistinguishable. Two or more particles can become entangled, so that when scientists measure the state of one particle, other particles appear to exhibit the same state. The use of quantum encryption is most likely to become available in the near term because it's effectively become an engineering problem, not a problem of theoretical physics. Beyond that, more research is necessary. Nobody knows how to do it just yet, but researchers are working on the problems.

Slashdot Top Deals

"The voters have spoken, the bastards..." -- unknown