
Submission + - Remote Evil Butler Attack Threatens Windows Computers (softpedia.com)

An anonymous reader writes: Last year, a security researcher discovered a way to defeat BitLocker on Windows by taking a PC and inserting it into a network controlled by a rogue domain controller, which allowed the attacker to poison the credentials cache and set a new password on the targeted device. This type of attack is called an Evil Maid, because it requires the attacker to have physical access to the device.

Microsoft fixed this vulnerability (CVE-2015-6095), and then fixed it again when two researchers pointed out in February 2016 (CVE-2016-0049) that the fix was incomplete. At this year's Black Hat security conference, two Microsoft researchers have discovered a way to carry out the Evil Maid attack from a remote location, even over the Internet. The two researchers say that an attacker can compromise a PC, configure it to work as a rogue domain controller, and then use RDP to access computers (that have open RDP connections) on the same network and carry out the attack from a distance. This particular attack, nicknamed a Remote Evil Butler, can be extremely attractive and valuable for cyber-espionage groups.

Submission + - Worst Mass Shooting in U.S. History (cnn.com)

An anonymous reader writes: From CNN:

"Fifty people were killed inside Pulse, a gay nightclub, Orlando Police Chief John Mina and other officials said Sunday morning, just hours after a shooter opened fire in the deadliest mass shooting in U.S. history. At least 53 more people were injured, Mina said. Police have shot and killed the gunman, he told reporters.

The shooter is not from the Orlando area, Mina said. He has been identified as Omar Saddiqui Mateen, 29, of Fort Pierce, about 120 miles southeast of Orlando, two law enforcement officials tell CNN.
Orlando authorities said they consider the violence an act of domestic terror. The FBI is involved. While investigators are exploring all angles, they "have suggestions the individual has leanings towards (Islamic terrorism), but right now we can't say definitely," said Ron Hopper, assistant special agent in charge of the FBI's Orlando bureau."

Submission + - Oklahoma state troopers can now seize bank accounts too (news9.com)

mi writes: You may have heard of civil asset forfeiture. That's where police can seize your property and cash without first proving you committed a crime; without a warrant and without arresting you, as long as they suspect that your property is somehow tied to a crime.

Now, the Oklahoma Highway Patrol has a device that also allows them to seize money in your bank account or on prepaid cards. If a trooper suspects you may have money tied to some type of crime, the highway patrol can scan any cards you have and seize the money.

But do not worry: "If you can prove that you have a legitimate reason to have that money it will be given back to you. And we've done that in the past," — said Oklahoma Highway Patrol Lt. John Vincent.

Submission + - Pentagon admits to having deployed military spy drones over the US (msn.com)

lightbox32 writes: A report by a Pentagon inspector general, made public under a Freedom of Information Act request, said spy drones on non-military missions have occurred fewer than 20 times between 2006 and 2015 and always in compliance with existing law. The use of unmanned aerial surveillance (UAS) drones over the U.S. surfaced in 2013 when then-FBI director Robert Mueller testified before Congress that the bureau employed spy drones to aid investigations, but in a "very, very minimal way, very seldom."

The inspector general analysis was completed March 20, 2015, but not released publicly until last Friday.

The report also quoted a military law review article that said "the appetite to use them (spy drones) in the domestic environment to collect airborne imagery continues to grow, as does Congressional and media interest in their deployment."

Submission + - Microsoft releases first public preview of RTVS under MIT and GPLv2 licenses (microsoft.com)

shutdown -p now writes: Microsoft has released the first public preview of RTVS (R Tools for Visual Studio), an extension for Visual Studio that adds support for the R (GNU S) programming language. The product is open source, and while most of the code is under the MIT license, some components are GPLv2, in accordance with the R license.

Submission + - Cancer Clinic Data Breach Compromised As Many As 2.2 Million Patient Records (thestack.com)

An anonymous reader writes: Florida-based cancer clinic company, 21st Century Oncology Holdings, has notified 2.2 million patients and employees of a cyberattack that hit its system last year through which their personal data may have been obtained by a malicious third party. First revealed on 4 March, the cancer treatment chain was informed of the breach, which took place on 13 November 2015, by the FBI. The federal agency knew of the attack but asked that 21st Century Oncology not disclose the incident until a thorough investigation had been conducted. It was discovered that the cybercriminals had accessed the medical group’s systems at the beginning of October last year, and were able to reach and steal sensitive patient and employee data, including names, social security numbers, diagnosis and treatment details, as well as insurance information.

Submission + - iPhones Bricked by Setting Date to Jan 1, 1970 (theguardian.com)

lightbox32 writes: Beware of a hoax circling the interwebs promising an Easter egg, which can be seen by setting your iPhone's date to January 1, 1970. The Guardian is reporting that doing so will brick the device. It’s unclear what exactly causes the issue, but it could be related to how iOS stores date and time formats. Jan. 1, 1970 is a value of zero or less than zero, which would cause any process that uses a time stamp to fail.

Apple is aware of the issue and is looking into it.

Submission + - EU Proposes End Of Anonymity For Bitcoin And Prepaid Card Users (thestack.com)

An anonymous reader writes: In June the European Commission will propose new legislation to effectively end the possibility of anonymous payment, by forcing users of virtual currencies like Bitcoin, and of prepaid credit cards, to provide identity details. Additionally the EC intends to propose monitoring inter-bank transfers within Europe, a measure which had not been implemented with the launch of the EU-US Terrorist Financing Tracking Programme (TFTP). Though the proposed measures are intended to heap new pressure on the financing of terrorism, a report from Interpol last week concluded that terrorist funding methods have not changed substantially in recent years, stating 'Despite third party reporting suggesting the use of anonymous currencies like Bitcoin by terrorists to finance their activities, this has not been confirmed by law enforcement.'

Submission + - Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com)

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.

Submission + - Seagate Faces Lawsuit Over Defective Hard Drives (thestack.com)

An anonymous reader writes: Consumers have today filed a class-action lawsuit against data storage company Seagate, after it had continued to sell a 3TB hard drive model that had an ‘exceptionally’ high failure rate. The case is based on figures released by data backup company Backblaze, who found that failure rates for the ST3000DM001 were not only far higher than other drives, but also did not display a typical ‘bathtub-shaped’ failure rate curve. Backblaze’s report has since been accused of not representing real-world use. Seagate is likely to adopt this line as it responds to the suit.

Submission + - Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords (csoonline.com)

itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow 'anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction.' The password manager in Trend's antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.

Submission + - EU Rules Bitcoin Is A Currency, Exchanges Are VAT-Exempt (thestack.com)

An anonymous reader writes: The European Union’s Court of Justice (ECJ) has today ruled that Bitcoin is a currency, detailing exchanges that transfer traditional currencies into the crypto-coins for a fee are to be exempt from consumption taxes. Under the EU rule against value added taxes (VAT) on transfers of “currency, bank notes and coins used as legal tender,” the new call presents an important boost for Bitcoin, erasing related costs for buying and using the virtual funds in Europe – one of the world’s leading trading zones.

Submission + - Scientists discover meaning of life through massive computing project! (wikia.com)

Rabbit327 writes: In a stunning announcement today scientists have announced that after millions of cycles of computing time on some of the largest super computers that they have discovered the meaning of life. On April 1st 2015 at approximately 03:42 GMT scientists discovered that a long running program had finished. The results stunned scientists who were having tea in the other room when the alarm went off. According to the scientific team the answer was stunning yet confusing. Quoting one scientist "It's amazing. It worked! But what does it mean?!? For heaven's sake we spent all this time calculating the answer to the ultimate question about life, the universe, and everything. This is the answer we get?!? This is the bloody answer we get?!?!??!?" after which the scientist promptly threw a keyboard across the room. According to inside sources the answer given by the computer was "42". What this means will be announced later according to a research representative.

Submission + - Scottish scientists slow down speed of light in free space (rdmag.com)

lightbox32 writes: It has generally been thought impossible for particles of light, known as photons, to be slowed as they travel through free space, unimpeded by interactions with any materials.

In a paper published in Science Express, researchers from the Univ. of Glasgow and Heriot-Watt Univ. describe how they have managed to slow photons in free space for the first time. They have demonstrated that applying a mask to an optical beam to give photons a spatial structure can reduce their speed.
