Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Police Reveal Botnet Herders' Disaster Recovery Secrets (databreachtoday.com)

kierny writes: Cybercrime gangs and fraudsters have been adapting to botnet disruptions and takedowns. "What we're seeing is the bad guys are starting to learn from this," said Steven Wilson, head of the European Cybercrime Center at Europol — the EU's law enforcement agency — at a recent cybersecurity conference. "They now have their disaster recovery plans. They're the ones who can be back up and running within a day to two days." Security researchers say these backup botnets are tough to detect, until gangs have already spooled them up and put them to use in major campaigns.

Submission + - Attack Alert: JavaScript Spam Installs Ransomware (databreachtoday.com)

kierny writes: A spam email campaign has been tricking users into installing a trio of JavaScript-based downloaders, which then download and install Locky and TeslaCrypt ransomware — provided users fall for the related social-engineering trickery, Microsoft warns.

Submission + - I Believe in Cybercrime Unicorns (databreachtoday.com)

kierny writes: Cybercrime syndicates that use CryptoWall 3 ransomware have been tied to at least $325 million in illegal profits. Cue this provocative question from Mikko Hyponnen, chief research officer of security firm F-Secure: What if some individual cybercrime gangs — using not just ransomware, but a variety of other tools and scams — have earned so much illicit profit that they've become "unicorns"? That's VC-speak for a startup with a valuation of more than $1 billion, and other security experts believe he's right.

Submission + - 13 Scenes from an Irish Cybercrime Conference (databreachtoday.eu)

kierny writes: Lock-picking, capture the flag, a secure coding challenge, and briefings covering social engineering and awareness/education to briefings from the country's fraud squad and on skiddy forums: This is what an Irish cybercrime conference looks like.

Submission + - Microsoft Finally Kills Windows XP Antivirus (databreachtoday.com)

kierny writes: Shed a tear for enthusiasts of aging Microsoft Windows operating systems. That's because Microsoft is finally deep-sixing Windows XP — the antivirus engine, that is. After seven years of related warnings, Microsoft on July 14 stopped updating its built-in Microsoft Security Essentials software, or feeding it new signature updates. Other antivirus vendors are continuing to promise XP-compatibility for their products, as is Google for Chrome — for now.

Of course, old tech never dies — it just fades asymptotically away. But the 12% of all desktops and laptops still running XP show that breaking up [with aging Microsoft operating systems] is still hard to do.

Submission + - Google's Psychological Patch Warfare (databreachtoday.com)

kierny writes: Psychologically speaking, nothing beats the power of a well-timed deadline. Love it or hate it, Google's "Project Zero" bug hunting team has been alerting vendors to vulnerabilities and giving them just 90 days to release a related fix. After that, bug details go public. Psychology and time-management expert Oliver Burkeman says such moves are no mistake. Rather, they imply Google's clever application of psychological "anchoring" and "framing" techniques to "hack" the previous, Microsoft-promulgated "we'll patch it when we patch it, and don't try to rush us" mentality.

Submission + - Report: Mercenaries Behind APT Attacks (inforisktoday.co.uk)

kierny writes: An increasing number of online attacks are not being launched by governments or carder gangs, but rather by opportunistic mercenaries who sell whatever they can steal, to the highest bidder, information security consultancy Taia Global says in a new report:

"These mercenary hacker groups range from small groups with little funding to specialty shops run by ex-government spooks, to highly financed criminal groups who use similar if not identical tactics to nation state actors. That they are rarely discovered is due in part to their skill level and in part to being misidentified as a state actor instead of a non-state actor if they are discovered."

Cue implications for attribution and sanctions — and the possibility that the Sony Pictures hack blamed on North Korea was actually the work of mercenaries, says Europol cybersecurity advisor Alan Woodward.

Submission + - 'Endrun' Networks: Help in Danger Zones (healthcareinfosecurity.com)

kierny writes: Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrators Ferguson.

Submission + - Feds Fumble Spyware Story (inforisktoday.co.uk)

kierny writes: If selling spyware is illegal, is it OK to give it away for free? "Selling spyware is not just reprehensible, it's a crime," says assistant attorney general Leslie R. Caldwell, announcing the indictment of a Pakistani CEO for making and selling spyware software, which officials have warned could be used by predators or domestic abusers. So why have 245 law enforcement agencies across 35 states — plus the U.S. Marshals — used public funds to buy and distribute the spyware for free to families, when such software could likewise be abused?

Submission + - NASA Eyes Crew Deep Sleep Option for Mars Mission (discovery.com)

astroengine writes: A NASA-backed study explores an innovative way to dramatically cut the cost of a human expedition to Mars — put the crew in stasis. The deep sleep, called torpor, would reduce astronauts’ metabolic functions with existing medical procedures. Torpor also can occur naturally in cases of hypothermia. “Therapeutic torpor has been around in theory since the 1980s and really since 2003 has been a staple for critical care trauma patients in hospitals," aerospace engineer Mark Schaffer, with SpaceWorks Enterprises in Atlanta, said at the International Astronomical Congress in Toronto this week. "Protocols exist in most major medical centers for inducing therapeutic hypothermia on patients to essentially keep them alive until they can get the kind of treatment that they need.” Coupled with intravenous feeding, a crew could be put in hibernation for the transit time to Mars, which under the best-case scenario would take 180 days one-way.

Submission + - 5 Million Google Passwords Leaked (inforisktoday.co.uk)

kierny writes: After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — are circulating via file-sharing sites. Experts say the information most likely didn't result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections.

Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who's changed their Google/Gmail password in the last three years is likely safe from account takeover. But how many people haven't changed their password in that timeframe?

Submission + - Bitcoin, Meet Darwin: Crypto Currency's Future (informationweek.com)

kierny writes: Today, Bitcoin, tomorrow, the dollar? Former Central Intelligence Agency CTO Gus Hunt says governments will learn from today's crypto currencies and use them to fashion future government-protected monetary systems. But along the way, expect first-movers such as Bitcoin to fall, in a repeat of the fate of AltaVista, Napster, and other early innovators. But the prospect of fashioning a better, more stable crypto currency system — and the likelihood that Bitcoin may one day burn — is good news for anyone who cares about crypto currencies, as well as the future and reliability of our monetary systems.

Submission + - NSA Hack Attacks: Good Value For Money? (informationweek.com)

kierny writes: Leaked operations manual reveals NSA attack techniques that are not significantly better than common cybercrime capabilities, despite their high cost to government. Are US taxpayers being shortchanged by a system that could be largely replicated by spending a few tens of thousands of dollars "on the Russian private blackhat forums"?

Submission + - Why Laws Won't Save Banks From DDoS Attacks (informationweek.co.uk)

kierny writes: Rep. Mike Rogers (R-Mich.) should know better. The chairman of the House Intelligence Committee claimed to told NBC News that the Operation Ababil U.S. bank disruption DDoS campaign could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence.

Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for "national security" purposes, thus raising the ire of privacy rights groups.

Just one problem: Numerous security experts have rubbished Rogers' assertion that threat intelligence would have any effect on banks' ability to defend themselves. The bank disruptions aren't cutting-edge or stealthy. They're just about packets overwhelming targeted sites, despite what Congressionally delivered intelligence might suggest.

Spam

Submission + - DDoS Feud Backfires: Bulletproof CyberBunker Busted (informationweek.co.uk)

kierny writes: The tables turned Thursday on anarchic Dutch hosting provider CyberBunker, which has been accused of backing an Internet-busting DDoS disruption campaign against anti-spam site Spamhaus. But as of Thursday morning, CyberBunker found its own "bulletproof" website knocked offline, making it the apparent victim of a sustained DDoS attack. Similarly, the website of the Stophaus.com campaign that's been organizing the attacks was also disrupted, displaying on a "database error." No one has claimed credit for the pro-Spamhaus takedowns.

Slashdot Top Deals

If we could sell our experiences for what they cost us, we would all be millionaires. -- Abigail Van Buren

Working...