
Submission + - Maxthon Web Browser Sends Sensitive Data to China

wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors.

Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number.

Interestingly, in 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.

Submission + - Facebook Messenger to Add Strong Encryption

wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF).

Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.

Submission + - Malware Steals Data From Air-Gapped Devices via Fans (securityweek.com)

wiredmikey writes: Researchers have demonstrated that data can be stolen using fans and a mobile phone placed in the vicinity of the targeted machine. The method, dubbed Fansmitter, leverages the noise emitted by a computer’s fans to transmit data.

Researchers from Ben-Gurion University of the Negev explained (PDF) that a piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone.

Comment Re:Actually 3rd point was agreement with trial jud (Score 1) 23

Actually whoever the new guy is, I don't find the site to be "improved" at all; seems a little crummy. The story was butchered and incorrectly interpreted, and the all important software for interaction seems less interactive.

But what do I know?

As to my absence I've been a bit overwhelmed by work stuff, sorry about that, it's no excuse :)

Comment Actually 3rd point was agreement with trial judge (Score 4, Informative) 23

The story as published implies that the ruling overruled the lower court on the 3 issues. In fact, it was agreeing with the trial court on the third issue -- that the sporadic instances of Vimeo employees making light of copyright law did not amount to adopting a "policy of willful blindness".

Submission + - Appeals court slams record companies on DMCA in Vimeo case

NewYorkCountryLawyer writes: In the long-simmering appeal in Capitol Records v. Vimeo, the US Court of Appeals for the 2nd Circuit upheld Vimeo's positions on many points regarding the Digital Millennium Copyright Act. In its 55-page decision (PDF) the Court ruled that (a) the Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA, (b) the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge", and (c) a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. The Court seemed to take particular pleasure in eviscerating the Copyright Office's rationales. Amicus curiae briefs in support of Vimeo had been submitted by a host of companies and organizations including the Electronic Frontier Foundation, the Computer & Communications Industry Association, Public Knowledge, Google, Yahoo!, Facebook, Microsoft, Pinterest, Tumblr, and Twitter.

Submission + - Singapore Blocking Internet Access on Government Computers (securityweek.com)

wiredmikey writes: Singapore will be cutting off Internet access for government work stations within a year for security reasons.

A surprise move in one of the world's most wired countries, the measure was aimed at preventing cyber attacks and the spread of malware.

Public servants will reportedly still have access to the Internet on their personal devices, and dedicated Internet-linked terminals will be issued to civil servants who need them for work.

Submission + - "SandJacking" Attack Allows Install of Evil iOS Apps (securityweek.com)

wiredmikey writes: An unpatched iOS vulnerability can be exploited to replace legitimate applications with a rogue version that allows attackers to access sensitive information without raising any suspicion.

While Apple's iOS 8.3 prevents the installation of an app that has an ID similar to an existing one, security researcher Chilik Tamir discovered a new method, which he dubbed “SandJacking.”

Tamir demonstrated the SandJacking attack at the Hack In The Box (HITB) conference in Amsterdam on Thursday using Skype as the targeted application. However, the researcher told SecurityWeek that SandJacking attacks have been successfully tested against numerous popular applications.

The vulnerability was discovered in December 2015 and reported to Apple in January. The tech giant has confirmed the issue, but a patch has yet to be developed. Once Apple addresses the flaw, Tamir says he will release a SandJacker tool that automates the entire process of pushing malicious apps to iOS devices via the SandJacking vulnerability.

Submission + - Microsoft May Ban Your Favorite Password

wiredmikey writes: Microsoft is taking a step to better protect users by banning the use of weak and commonly-used passwords across its services.

Microsoft has announced that it is dynamically banning common passwords from Microsoft Account and Azure Active Directory (AD) system. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked.

Microsoft is seeing more than 10 million accounts being attacked each day, and this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password.

Comment Re:Only programmers (Score 1) 172

That isn't true.

Tetra was used by military, police, etc.

Military communications did NOT have any encryption.

Police communications DID have encryption, although a weak one.

He wasn't charged for intercepting plaintext military communications, but for breaking the encryption, eavesdropping on police communications *and* obstructing/jamming several police radio stations.

Comment Re: Hm... (Score 1) 172

According to the article, possession of an imitation police badge was the basis for the criminal charge.

No idea about the translated article, but the Slovenian says the following:

1) IT system breach

2) Forgery (fake badge), pretending to be a policeman multiple times in 2010 and 2014 (not between, in)

3) Unlawful audio recording

All those are criminal charges.

Submission + - Millions Stolen in Coordinated ATM Heist (securityweek.com)

wiredmikey writes: A manhunt is underway for criminals who looted millions from Japan's cash machines nationwide in an hours-long heist, officials and reports said Monday.

Armed with fake credit card details from South Africa's Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month. The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said. Japanese police declined to confirm the robbery, but Standard Bank acknowledged the heist and put its losses at around $19 million.

Submission + - SWIFT Bank Hacks Show Links to Sony Attack

wiredmikey writes: The malware used in the $81 million Bangladesh Central Bank heist could be linked to the massive attack against Sony Pictures in 2014, according to a new report. Malware used on SWIFT based systems against a commercial bank in Vietnam, in addition to the attack in Bangladesh, appears to be based off a similar common code-base, according to BAE Systems.

While experts from BAE Systems believe the same attacker was behind the attacks in Bangladesh and Vietnam, they did not attribute the attack to any specific group or nation.
