
Submission + - DNA, Crypto & Shakespeare: Sandia Labs Creates Mind-Blowing Storage Technolo (darkreading.com)

ancientribe writes: Researchers from Sandia National Labs are experimenting with a new more secure form of data storage that--get this--is based on DNA. The project is for a long-term archival technology that could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information. (Paging the US State Department). How does The Bard fit in? The researchers got the idea from the European Bioinformatics Institute's experiment that recorded all of Shakespeare’s sonnets into 2.5 million base pairs of DNA. Welcome to the future.

Submission + - NASCAR Race Team Learned About Ransomware The Hard Way (darkreading.com)

ancientribe writes: NASCAR racing team Circle Sport-Leavine Family Racing is publicly telling its story about getting hit with Teslacrypt ransomware back in April in hopes of helping other businesses avoid the same missteps. The team ended up paying the attackers $500 in digital currency to unlock its $2 million worth of strategic data used for its racing operation, including the race car specs needed for the Sprint Cup series.

Submission + - That Time I Got Publicly 'Hacked' (darkreading.com)

ancientribe writes: All it takes is one lapse in judgment: you can't help yourself, and you log into that unsecured WiFi to check your email, and boom, your credentials are compromised. A "cautionary tale" of how one cybersecurity editor who knew better, went there.

Submission + - 10 Years After The Infected USB Experiment FAIL (darkreading.com)

ancientribe writes: It's been a decade since social engineer Steve Stasiukonis sprinkled infected USB sticks in the parking lot, smoking areas, and other employee hangouts of a credit union client. Of the 20 USB drives planted, 15 were found by employees who then plugged them into their machines. Fast forward to 2016, and employees at various companies continue to fall for similar USB tests his firm has run: in one case, the employer found several employees donning poisoned USB devices and customized lanyards around their necks: "Like a mad man, he started going from person to person, tearing them off."

Submission + - Creepy New Ransomware Riffs Off 'Saw' Horror Film (darkreading.com)

An anonymous reader writes: The creepy image of Billy the puppet from the horror film “Saw” pops up on the computer screen of victims of the new "JIGSAW" ransomware, warning them that they have 24 hours to pay up or their now-encrypted files will be deleted. Trend Micro describes it as an exponential attack: “Recent crypto-ransomware families have ransom amounts that grow as time passes, but not with the same increments as JIGSAW. To make matters worse, it deletes a larger amount of files with every hour while the amount to be paid also increases." The idea is to pressure users into paying the ransom ASAP.

Submission + - Microsoft Invests $1 Billion In 'Holistic' Security Strategy (darkreading.com)

ancientribe writes: Microsoft over the past year has invested $1 billion in security and doubled its number of security executives, the company's CISO Bret Arsenault told Dark Reading. CEO Satya Nadella today officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security across its products and services. Microsoft execs rarely detail the company's strategy so publicly, so that in itself underlines how security is a major element in its strategy.

Submission + - State Trooper Cars Hacked

ancientribe writes: Two models of Virginia State Police cruisers were hacked in an experiment to expose vulnerabilities in the vehicles and to come up with ways to protect the cars from hackers. Mitre, the Virginia Dept. of Motor Vehicles, the University of Virginia, and other organizations in cooperation with DHS and the DOT demonstrated the attacks on an unmarked 2012 Chevrolet Impala and a marked patrol car, a 2013 Ford Taurus. GM and Ford even provided their comments to the press in the wake of the experiment.

Submission + - Jeep Hackers Plotting Next Hack (darkreading.com)

ancientribe writes: Famed car hackers Chris Valasek and Charlie Miller are mulling their next big car hack after their "monumental" demonstration of how they could remotely control the accelerator (and other elements) of a Jeep Cherokee on the highway, according to Valasek, who grew up in a town called Ford City. Really.

Submission + - Underwriters Laboratories To Launch Cybersecurity Certification for IoT (darkreading.com)

ancientribe writes: Coming soon: an Underwriters Laboratories cybersecurity certification for Internet of Things products. The UL is putting the final touches on its own testing and certification program for these consumer products, a UL official told Dark Reading. The organization is also involved with a White House initiative to promote such security certification standards for Internet-connected consumer devices.

Submission + - 'Bar Mitzvah Attack' Plagues SSL/TLS Encryption (darkreading.com)

ancientribe writes: Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore.

Submission + - Hackin' At The Car Wash, (Yeah) (darkreading.com)

PLAR writes: Those LaserWash automatic car washes can be easily hacked via the Internet to get a free car wash or to manipulate the machines that clean the cars, a security researcher has found. Billy Rios says these car washes have web interfaces with weak/default passwords that if obtained, could allow an attacker to telnet in and use an HTTP GET request to control the machines. And this very likely isn't the only car wash brand that's vulnerable, according to Rios.

Submission + - Forget Stuxnet: Banking Trojans Attacking Power Plants (darkreading.com)

PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

Submission + - The World's Most Hackable Cars (darkreading.com)

ancientribe writes: If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.

Submission + - Website Hacks Dropped During World Cup Final (darkreading.com)

PLAR writes: In case you were wondering: cyber criminals apparently care about who wins the World Cup. Researchers at Imperva studied attack data during the World Cup quarterfinal, semifinal and final matches, and found some interesting stats. Attackers upped their attacks during the quarters and semis — especially during that horrendous match when Germany routed Brazil — and hardly did any hacking during the final.

Submission + - 6 Things That Stink About SSL (darkreading.com)

ancientribe writes: We all have a love-hate relationship with SSL. Dark Reading recaps some of the real problems with Secure Sockets Layer implementations today, illustrated with some clever cartoons.
