
Submission + - Law enforcement agencies are dealing with malware (post-gazette.com)

mikehusky writes: Sheriff Todd Brackett’s first inclination last year when he learned part of his department’s computerized records management system had been taken over by ransomware was not to pay.

“We’re policemen,” he said. “We don’t pay ransom.” Law enforcement agencies are dealing with malware and ransom demands

Submission + - IoT Needs Regulation to Prevent Botnets: Report (rtinsights.com)

MarkBrown151 writes: The market won’t fix the problem of botnets and IoT security and the government will need to get involved, according to a cybersecurity think tank.
The stability of the internet could be in serious danger. That’s the dire message from a new report by the Institute for Critical Infrastructure Technology (ICIT), a cybersecurity think tank

Submission + - NEW CALL TO REGULATE IOT SECURITY BY DESIGN (threatpost.com)

AustinButcher writes: A Washington, D.C. think tank whose mission is critical infrastructure security has joined the call for lawmakers to consider regulating the security of connected devices. In a report published this week, the Institute for Critical Infrastructure Technology pinned the blame for a rash of Mirai malware-inspired IOT botnet DDoS attacks on manufacturer negligence. IOT botnet DDoS attacks

Submission + - Security-by-design is an indispensable prerequisite to the establishment (icitech.org)

JohnSmith2016 writes: A concise overview of the basic structure of the Internet, including key players and protocols (ISO OSI, TCP/IP)
The anatomy of a Distributed Denial of Service Attack (DDoS) including details on Constructing Botnets, Conventional vs. IoT Botnets, Launching a DDoS Attack, and DDoS-as-a-Service
An overview of the Mirai Incidents including KrebsonSecurity, OVH ISP, Dyn, Liberia, Finland, the Trump / Clinton Campaigns, WikiLeaks and Russian Banks. The Dyn Attack Was Just a Practice Run

Submission + - Cisco: Zeus spawn "Floki bot" malware gaining use, cyber-underworld notoriety (networkworld.com)

coondoggie writes: “[Floki bot] is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. Rather than simply copying the features that were present within the Zeus trojan ‘as-is’, Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos wrote.

Submission + - AT&T To Cough Up $88 Million For 'Cramming' Mobile Customer Bills (networkworld.com)

An anonymous reader writes: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government’s years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as “mobile cramming,” according to the FTC. From an FTC press release: "Through the FTC’s refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC’s complaint, AT&T placed unauthorized third-party charges on its customers’ phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity.

Comment I would want the option (Score 1) 335

I would certainly want the option, at least after the movie dropped off of the "top 3 grossing movies of the past 72 hours" list.

I can't figure out a fair pricing model: They will have to charge the same to show it to 1 person on his big-screen TV as to show it to an entire family on their big-screen TV. That will either be too expensive for single people or it will be so cheap that families will abandon theaters.

Submission + - Inside The NYPD's Attempt To Build Community Trust Through Twitter (backchannel.com)

mirandakatz writes: When the NYPD rolled out its Twitter presence a couple years back, it didn't go so smoothly: the @NYPDNews account tweeted a request: “Do you have a photo with a member of the NYPD? Tweet us & tag it #myNYPD,” and by midnight the same day, more than 70,000 people had responded decrying police brutality. At Backchannel, Susan Crawford looks at the department's attempt to use Twitter to rebuild community trust, noting that while the NYPD has a long ways to go, any opening up of communication is an improvement on the traditionally tight-lipped culture.

Submission + - IoT devices that were infected with the Mirai botnet set new precedents (icitech.org)

JohnSmith2016 writes: "Security-by-design is an indispensable prerequisite to the establishment of vital critical infrastructure resiliency. Each device vulnerable to adversarial compromise inflates and bolsters the exploitable cyber-attack surface that can be leveraged against targets, and every enslaved device grants adversaries carte blanche access that can be utilized to parasitically entwine malware into organizational networks and IoT microcosms, and that can be leveraged to amplify the impact and harm inflicted on targeted end-users, organizations, and government entities." James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

Submission + - Are your personal details for sale on the Dark Web? This new cybersecurity servi (ibtimes.co.uk)

drunkdrone writes: A new online security service has launched in the UK that scans the Dark Web for stolen data and alerts users if their personal information has been leaked online.

OwlDetect trawls encrypted websites most commonly used for illegal trading for "almost any piece of personal data" that might have been leaked or stolen during a cyberattack. This includes email addresses, debit and credit cards numbers, bank details and even driving license and passport numbers.

Submission + - Will the Genetic Engineering Revolution Start With Homebrewers? (gizmodo.com)

An anonymous reader writes: According to Kristen Brown from Gizmodo, Josiah Zayner, an ex-NASA Synthetic Biologist, who created the DIY CRISPR Kit for at-home genetic engineering has taken things one step further by creating the first consumer kit that allows people to create something tangible with genetic design. With this new kit anyone can engineer most any yeast, including brewing yeast, to fluoresce with the jellyfish Green Fluorescent Protein (GFP). Zayner said to Gizmodo, "When the personal computer came out I imagine people purchased it because it was cool and maybe had a game they could play or a program they could use. Now living organisms are the computer and DNA is the code that writes reality. We want to give people the ability to reach into their imagination and bring things into existence using genetic design." The kit, as well as some pre-engineered yeast strains, are in limited beta release with a plan to have a number of other yeast DNA modification options in the coming months.

Submission + - Popular Smart Toys Violate Children's Privacy Rights? (helpnetsecurity.com)

Orome1 writes: My Friend Cayla and i-Que, two extremely popular “smart” toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children’s) rights to security and privacy, researchers have found. According to the findings by researchers from Scandinavian tech consultancy Bouvet, which was contracted to test the toys on behalf of the Norwegian Consumer Council, there are many wrong things about these two interactive, Internet connected toys: lack of security, illegal user terms, sharing of kids’ secrets, asking for potentially sensitive information, subjecting kids to hidden advertising, and more.

Submission + - ForgeRock Seem to be Distancing Themselves from Open Source (forgerock.org) 1

Guy Paddock writes: As recently reported on Hacker News, ForgeRock — the company who develops OpenAM, OpenDJ, and OpenIDM — has cut off public access to the latest CDDL code for their projects.

Based on revision history, ForgeRock quietly updated "How to Build" pages in Confluence on November 14th, 2016 to point to different, "public" repositories that only have source code from the last major version of each of their products. Then, in the early morning of November 29th, ForgeRock sealed off both source code and pull request access to all of the original repositories. Only the repositories containing the older, major release code are now available for public consumption.

The open source community is now left to speculate what role, if any, they will play in helping to shape the future of ForgeRock products. This may also have repercussions for small-shop deployments who rely on the open source edition for bug fixes and security updates.

To date, the company has made no formal press release or public statement about their plans, but rumblings in user forums have prompted Aaron Kozak, the Digital Marketing Coordinator for ForgeRock, to weigh in.

Mr. Kozak responded to users' concerns by stating, "We apologise for any inconvenience our recent changes may have caused. We are preparing for the next major release of the ForgeRock Identity Platform and as part of this process, we are no longer providing public access to our nightly builds and source code for the upcoming platform release. Open source downloads are still available via https://backstage.forgerock.co...."

When asked whether access to the latest code (the "trunk") would be restored after the upcoming releases, Kozak did not speculate, and offered only a statement that, "I’m sure that more details will be made available with the new release in the near future, but unfortunately I do not have any more information at this time."

Submission + - Virginia spent over half a million on cell surveillance that mostly doesn't work (muckrock.com)

v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: The DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked 7 of those times. Read the full DRTbox documents at MuckRock.
