Submission + - Chandrayaan mission sleeps for the night

Geoffrey.landis writes: The sun has set in the south polar region of the moon where India's Chandrayaan-3 mission has landed, and the rover has switched off for the night. With luck from the moon gods, it will wake up with the sunrise in 14 days. But, even if not, mission accomplished! It was designed for fourteen days of operation, the daylight period. In that time the rover accomplished just over a hundred meters (American units: one football field) of traverse, examining and chemically analyzing the surface. Good work, India!

Submission + - Why is .US Being Used to Phish So Many of Us? (krebsonsecurity.com)

An anonymous reader writes: Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States. .US is the “country code top-level domain” or ccTLD of the United States. Most countries have their own ccTLDs: .MX for Mexico, for example, or .CA for Canada. But few other major countries in the world have anywhere near as many phishing domains each year as .US.

That’s according to The Interisle Consulting Group, which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. Interisle’s newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000 .US phishing domains. .US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world’s largest domain registrar. Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S. But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn’t working. “The .US ‘nexus’ requirement theoretically limits registrations to parties with a national connection, but .US had very high numbers of phishing domains,” Interisle wrote. “This indicates a possible problem with the administration or application of the nexus requirements.”

Dean Marks is executive director and legal counsel for a group called the Coalition for Online Accountability, which has been critical of the NTIA’s stewardship of .US. Marks says virtually all European Union member state ccTLDs that enforce nexus restrictions also have massively lower levels of abuse due to their policies and oversight. [...] Marks said there are very few phishing domains ever registered in other ccTLDs that also restrict registrations to their citizens, such as .HU (Hungary), .NZ (New Zealand), and .FI (Finland), where a connection to the country, a proof of identity, or evidence of incorporation are required. “Or .LK (Sri Lanka), where the acceptable use policy includes a ‘lock and suspend’ if domains are reported for suspicious activity,” Marks said. “These ccTLDs make a strong case for validating domain registrants in the interest of public safety.” Sadly, .US has been a cesspool of phishing activity for many years. As far back as 2018, Interisle found .US domains were the worst in the world for spam, botnet (attack infrastructure for DDOS etc.) and illicit or harmful content. Back then, .US was being operated by a different contractor.

Comment Re: Elimination of data caps (Score 1) 56

Agreed. We have 4K TVs in our house and easily hit 2-4 TB a month. I had to get business class from Comcast (this was when the cap was 350 GB though). I don't mind paying for business class since I also work from home some of the time and work pays for some of the bill. But not everyone gets that luxury.

Submission + - IBM open sources Mac@IBM code (9to5mac.com)

PolygamousRanchKid writes: At the Jamf Nation User Conference, IBM has announced that it is open sourcing its Mac@IBM provisioning code. The code being open-sourced offers IT departments the ability to gather additional information about their employees during macOS setup and allows employees to customize their enrollment by selecting apps or bundles of apps to install.

"Oh, joy . . . more employee data collection."

Back in 2015, IBM discussed how it went from zero to 30,000 Macs in six months. In 2016, IBM said Apple products were cheaper to manage when you looked at the entire life cycle:

IBM is saving a minimum of $265 (up to $535 depending on model) per Mac compared to a PC, over a 4-year lifespan. While the upfront workstation investment is lower for PCs, the residual value for Mac is higher. The program’s success has improved IBM’s ability to attract and retain top talent – a key advantage in today’s competitive market.

"An interesting claim . . . "

Comment Re:Not completely accurate (Score 1) 102

Here in Colorado AT&T and Verizon are way oversubscribed. I had an issue the other day where I could not even make a phone call; I kept getting error messages from them. I called them from another phone (Sprint) and asked what was going on. They let me know that the towers in my area had too many people on them: not too much usage but too many people, and that they were going to add a tower. This was a problem here in Colorado before smartphones, many years ago, and it is still a problem now. Yet T-Mobile and Sprint usually work fine in the city without issue. The other problem is they use CenturyLink (Verizon at least). CenturyLink is so oversubscribed here that there is pretty bad packet loss across all their products and services, which causes even more problems when you're on Verizon. I told the Verizon tech this and he was not even aware; he looked at the system and goes, oh yeah, there is some bad packet loss... And no, I am not going to stay with Verizon, as that was my old work phone and as soon as it's paid off I am disconnecting it.

Comment Re:Hidden Advantage of Direct Booking (Score 1) 75

Hotels are the ones that choose to overbook, not the site. Most hotels will overbook 10% because those people don't show up. Also, they still charge the people that don't show up whether they had room for them or not. Expedia and other sites like it are pre-paid; most hotels will not refund pre-paids because of the rate and the commission paid. They also have contracts with all of the sites that state we will not be lower than the site, hence why you won't always get a better rate calling the hotel. Hotels will generally treat people who pre-pay through third-party sites worse than those who do not, simply because they already have your money at a lower rate than everyone else who booked through them directly and did not pre-pay. There are many other rules and whatnot that the hotel will implement based on who owns them, whether it's a franchise or owned by the corp; it just all depends. I could go on and on and on but that's the gist. I used to be a front desk manager at a few hotels.

Submission + - Germany's Justice Minister Says Facebook Should Be Treated As a Media Company (reuters.com)

An anonymous reader writes: Germany's Justice Minister says he believes Facebook should be treated like a media company rather than a technology platform, suggesting he favors moves to make social media groups criminally liable for failing to remove hate speech. Under a program that runs until March, German authorities are monitoring how many racist posts reported by Facebook users are deleted within 24 hours. Justice Minister Heiko Maas has pledged to take legislative measures if the results are still unsatisfactory by then. Maas has said the European Union needs to decide whether platform companies should be treated like radio or television stations, which can be held accountable for the content they publish. Under current EU guidelines Facebook and other social media networks are not liable for any criminal content or hate posts hosted on their platform. Instead, in May Facebook, Google's YouTube and Twitter signed the EU hate speech code, vowing to fight racism and xenophobia by reviewing the majority of hate speech notifications within 24 hours. But the code is voluntary, not legally binding. The state justice ministers meeting in Berlin called on the government to take swift action against hate speech on the Internet. The ministers called for more transparency and said social media companies should be obliged to regularly publish figures on how many hate posts have been deleted. They also wanted more public information on how notifications are processed and the criteria behind the decision-making. Facebook says it is a technology company, not a media company, that builds the tools to supply users with news and information but does not produce content.

Submission + - James Clapper, US Director of National Intelligence, Has Resigned (thehill.com) 4

cold fjord writes: James Clapper, Director of National Intelligence, resigned last night. Clapper spent 30 years in military intelligence at the National Imagery and Mapping Agency. He was selected to be the Director of National Intelligence in 2010 with responsibility for 17 US intelligence agencies. Clapper was DNI during the monumental Snowden leaks of documents from NSA and various allied intelligence agencies as well as the release by WikiLeaks of the documents provided by (at the time) Private Bradley Manning. Besides the Snowden and Manning leaks, Clapper was engulfed in controversy over testimony to Congress in which he is alleged to have lied about NSA data collection in responding to a question from Senator Wyden. Clapper had previously stated he would leave at the end of the Obama administration. Clapper's resignation clears the way for incoming president-elect Trump to appoint his own Director of National Intelligence.

Submission + - OAuth 2.0 Flaw Exposes 1 Billion Mobile Apps to Takeover (threatpost.com)

msm1267 writes: Third-party applications that allow single sign-on via Facebook and Google and support the OAuth 2.0 protocol are exposed to account hijacking.

Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called “Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0.” The paper describes an attack that takes advantage of poor OAuth 2.0 implementations and puts more than one billion apps in jeopardy.

The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina—which operates Weibo in China—and support SSO for third-party apps. The researchers found that 41.2 percent of the apps they tested were vulnerable to their attack, including popular dating, travel, shopping, hotel booking, finance, chat, music and news apps. None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases.
