
Submission + - Operation Payback: protests via mouse click

juct writes: "The UK site The H took a quick look at the tool being used in the recent DDoS attacks against Mastercard, Visa and Paypal. It's called LOIC ("Low Orbit Ion Cannon") and connects to an IRC channel or a Twitter account to receive orders for coordinated denial of service attacks. Essentially it works a bit like a voluntary bot network."

Submission + - Mozilla to protect Adobe Flash users

juct writes: "Firefox is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Only recently a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

Submission + - From the diary of a spy

juct writes: "A former agent of the British MI5 secret service told tales out of school at the 24th Chaos Communication Congress (24C3) in Berlin last Saturday. Apart from revealing details about the agency's computer problems, she also gave insight into the thought processes and methods used by spies and called emphatically for more democratic control."

Submission + - Secure your PHP apps -- now

juct writes: "In their yearly top 20 security risks the Internet Storm Center names web applications as top risk for servers: "Every week hundreds of vulnerabilities are reported in commercially available and open source web applications, and are actively exploited." The number one problem they list is "PHP Remote File Include". So why not spend a little time to secure your web server now? heise Security has a writeup on Basic PHP security with practical examples."

Submission + - Antivirus protection worse than a year ago

juct writes: "In a test of 17 antivirus products, the German magazine c't concluded that the effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this, c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react to suspicious behaviour at all. The test itself is available only in the printed magazine; heise Security published a summary."

Submission + - Dreamlab cracks wireless keyboard encryption

Felix writes: "Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. Checkout for further information."

Submission + - SecTor conference starts off with DNS(SEC) talks

leto writes: Dan Kaminsky and Paul Wouters both presented DNS security talks at the new Canadian security conference SecTor in Toronto. Kaminsky showed a DNS binding attack using JavaScript and Flash, allowing him to penetrate any firewall and start scanning the internal network of any user that visited his website. Wouters gave a presentation on the theory and current worldwide operational experiences of DNSSEC that included a fancy Google map overlay showing all TLDs deploying or testing DNSSEC. For those not convinced about the need for DNSSEC, he showed "15 ways of using the DNS to capture your clicks". Other speakers included Rohit Sethi and Nish Bhalla demonstrating their new open source Exploit-Me series of Firefox plugins to perform automated penetration testing, Johnny Long with a hilarious talk on Hacking Hollywood, and the mandatory presentations about wifi and bluetooth insecurities. No presenters were denied entry into Canada.

Submission + - Spying on the TOR anonymisation network

juct writes: "The long-standing suspicion that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another TOR exit node has been caught doing MITM attacks using fake SSL certificates."

Submission + - Apple Mail in Leopard vulnerable again

juct writes: "In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file. This works with special attachments of the MIME type AppleDouble, that carry information which application should be used to open a file. In Tiger you got a warning about a program being opened, Leopard silently executes a shell script with heise Security provides a demo, where you can check for yourself."

Submission + - Who will defeat Colossus?

juct writes: "Starting this Thursday, radio amateurs and cryptologists are being challenged to decode encrypted radio messages generated by a Lorenz SZ42 cipher machine and sent using the original radio protocol from WWII. Those taking part in the cipher event will compete against a rebuild of the computer used to crack enciphered messages sent by the German high command 63 years ago. See: Who will defeat Colossus?"

Submission + - Leopard firewall functionality and holes

jmt(tm) writes: "The UK version of German IT news site heise runs a follow-up of earlier stories on problems with the firewall in Apple's new version of OS X. They take a look at Apple's own documentation, now available at the Mac OS X 10.5: About the Application Firewall page. Their verdict is clear: "Altogether this confirms the impression created by the initial functionality test. In its current version, this firewall cannot be recommended for practical use.""
