dinscott - Slashdot User

Submission + - SPAM: 'World of Warcraft' video game currency now worth more than Venezuelan money

Submitted by schwit1 on Monday July 31, 2017 @08:25PM

schwit1 writes: Venezuelan resident and Twitter user @KalebPrime first made the discovery July 14 and tweeted at the time that on the Venezuela's black market — now the most-used method of currency exchange within Venezuela according to NPR — you can get $1 for 8493.97 bolivars. Meanwhile, a "WoW" token, which can be bought for $20 from the in-game auction house, is worth 8385 gold per dollar.

CNN reported Monday that Maduro proceeded with the assembly, effectively putting the entirety of the Venezuelan government under his control. The Times reported that Trump had warned Maduro on Wednesday that if he carried out the assembly, Trump would push for further sanctions.
Link to Original Source

Submission + - Privacy Watchdog Asks FTC To Look Into Google's Offline Shopping Tracker (arstechnica.com)

Submitted by Anonymous Coward on Monday July 31, 2017 @05:36PM

An anonymous reader writes: A privacy advocacy group has filed a formal legal complaint with the Federal Trade Commission, asking the agency to begin an investigation "into Google’s in-store tracking algorithm to determine whether it adequately protects the privacy of millions of American consumers." In the Monday filing, the Electronic Privacy Information Center (EPIC) said it is concerned with Google’s new Store Sales Management program, which debuted in May. The system allows the company to extend its online tracking capabilities into the physical world. The idea is to combine credit card and other financial data acquired from data brokers to create a singular profile as a way to illustrate to companies what goods and services are being searched for online, which result in actual in-person sales. Because the algorithm that Google uses is secret, EPIC says, there is no way to determine how well Google’s claimed anonymization feature—to mask names, credit card numbers, location, and other potentially private data—actually works. While Google has been cagey about exactly how it does this, the company has previously revealed that the technique is based on CryptDB.

Submission + - Stealing Windows Credentials Using Google Chrome (helpnetsecurity.com)

Submitted by Orome1 on Monday May 15, 2017 @03:01PM

Orome1 writes: A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially crafted SCF shortcut files, DefenseCode researchers have found. What’s more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim’s username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.

Submission + - QRLJacking: A New Attack Vector For Hijacking Online Accounts (helpnetsecurity.com)

Submitted by dinscott on Monday August 01, 2016 @11:11AM

dinscott writes: QRLJacking (i.e. Quick Response Code Login Jacking) is a method for tricking users into effectively logging into an online account on behalf of the attacker by making them scan the wrong QR code.

Submission + - Critical Bug In Libotr Opens Users Of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com)

Submitted by Anonymous Coward on Thursday March 10, 2016 @05:53AM

An anonymous reader writes: A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user’s machine.

Submission + - What Airbnb's Blockchain Authentication Proposal Means For Privacy Online (thestack.com)

Submitted by Anonymous Coward on Wednesday March 09, 2016 @01:14PM

An anonymous reader writes: Nathan Blecharcyzk, one of the co-founders at home rental platform Airbnb, has detailed the company’s interest in blockchain technologies to help establish user reputation and trust. He revealed that in 2016 Airbnb would be looking into blockchain integration, or a similar distributed ledger system, to authenticate a user’s reputation and establish trust on the platform. The proposal marks a potentially revolutionary step for e-commerce sites and peer opinion platforms looking to identify and filter out damaging reviews planted by competitors and trolls, or self-promoting posts which can mislead consumers. However, while protecting the integrity of some, the introduction of a blockchain-based reputation system holds a potential threat to anonymity and privacy online. A distributed and irreversible system for trust management, which stores personal data, could offer a hotbed for doxing and identity theft – and even undermine an individual’s right to be forgotten.

Submission + - Glut of Postdoc Researchers Stirs Quiet Crisis in Science

Submitted by HughPickens.com on Tuesday October 07, 2014 @10:42AM

HughPickens.com writes: Carolyn Johnson reports in the Boston Globe that in recent years, the position of postdoctoral researcher has become less a stepping stone and more of a holding tank as postdocs are caught up in an all-but-invisible crisis, mired in a underclass as federal funding for research has leveled off, leaving the supply of well-trained scientists outstripping demand. “It’s sunk in that it’s by no means guaranteed — for anyone, really — that an academic position is possible,” says Gary McDowell, a 29-year old biologist doing his second postdoc. “There’s this huge labor force here to do the bench work, the grunt work of science. But then there’s nowhere for them to go; this massive pool of postdocs that accumulates and keeps growing.” The problem is that any researcher running a lab today is training far more people than there will ever be labs to run. Often these supremely well-educated trainees are simply cheap laborers, not learning skills for the careers where they are more likely to find jobs. This wasn’t such an issue decades ago, but universities have expanded the number of PhD students they train from about 30,000 biomedical graduate students in 1979 to 56,800 in 2009, flooding the system with trainees and drawing out the training period.

Possible solutions span a wide gamut, from halving the number of postdocs over time, to creating a new tier of staff scientists that would be better paid but one thing people seem to agree on is that simply adding more money to the pot will not by itself solve the oversupply. Facing these stark statistics, postdocs are taking matters into their own hands recently organizing a Future of Research conference in Boston that they hoped would give voice to their frustrations and hopes and help shape change. “How can we, as the next generation, run the system?” said Kristin Krukenberg, 34, a lead organizer of the conference and a biologist in her sixth year as a postdoc at Harvard Medical School after six years in graduate school. “Some of the models we see don’t seem tenable in the long run."

Submission + - DOJ it's OK for DEA to impersonate woman on Facebook (buzzfeed.com)

Submitted by Anonymous Coward on Tuesday October 07, 2014 @10:37AM

An anonymous reader writes: An overlooked Justice Department court filing explains that a federal agent had the right to commandeer a woman's identity, set up a fake Facebook account using her details and even post provocative photographs of her found on a seized phone.

Buzzfeed reports that a Drug Enforcement Administration agent stole the identity of Sondra Arquiett, who then went by the name Sondra Prince, back in 2010...

http://gizmodo.com/doj-it-was-...

Submission + - Infected ATMs Give Away Millions Of Dollars Without Credit Cards

Submitted by Anonymous Coward on Tuesday October 07, 2014 @10:37AM

An anonymous reader writes: Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.

Submission + - Gmail Security Is A Problem For Tor Users In Repressive Countries

Submitted by blottsie on Tuesday October 07, 2014 @10:32AM

blottsie writes: Google is a long-time contributor to the Tor Project. But a security feature in Gmail poses a potential problem for Tor users who live under dangerous regimes or otherwise need to protect their anonymity, reports Joseph Cox at the Daily Dot.

The email service kicks users out of their login session if it detects logins from IP addresses originating in other countries, then requires a user to enter a PIN code sent to a cellphone. Unless the user has a burner phone, this could potentially betray his or her identity to authorities.

Submission + - Silk Road 2.0 Pledges to Repay £1.7 Million to Users After Bitcoin Theft (ibtimes.co.uk)

Submitted by Anonymous Coward on Tuesday February 18, 2014 @06:39AM

An anonymous reader writes: Online black market Silk Road 2.0 has pledged to pay back more than £1.7 million worth of bitcoins stolen from its servers during a heist last week.

Speaking in a post on Reddit, Silk Road 2.0 moderator Defcon said the website would refund the more than 4,000 bitcoins stolen during the heist, and would not pay its staff until users had been reimbursed.

Submission + - Phone Calls More Dangerous Than Malware (net-security.org)

Submitted by dinscott on Wednesday October 30, 2013 @05:10AM

dinscott writes: During Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses.

Submission + - The House wants a 'sustained human presence on the Moon and the surface of Mars' (examiner.com)

Submitted by MarkWhittington on Wednesday June 19, 2013 @08:55AM

MarkWhittington writes: Politico reports in a June 18, 2013 story that House Republicans have added a Mars base to its demands for a lunar base in the draft 2013 NASA Authorization bill. Both the Bush era Constellation program and President Obama space plan envisioned eventual human expeditions to Mars. But if Politico is correct, the new bill will be the first time an official piece of legislation will call for permanent habitation of the Red Planet.

The actual legislative language states, “The [NASA] Administrator shall establish a program to develop a sustained human presence on the Moon and the surface of Mars.”

Submission + - To Hack Back Or Not To Hack Back? (net-security.org)

Submitted by dinscott on Wednesday June 12, 2013 @10:23AM

dinscott writes: If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you.

But the challenge arises when you (possibly rightfully so) perceive that your government is not able do so, and you demand to be allowed to “hack back”.

Submission + - Greek government abruptly shuts down state broadcaster (yanisvaroufakis.eu)

Submitted by Anonymous Coward on Tuesday June 11, 2013 @06:37PM

An anonymous reader writes: The Greek government shut down broadcasting of all tv and radio channels operated by the state-owned broadcaster ERT at midnight local time, with police ejecting journalists and other employees occupying the building. Link is a prominent Greek economics professor's (and Valve's in-house economist) analysis of the political motivations for the move.

Slashdot Top Deals