
Submission + - The World Video Game Hall of Fame 2016 Inductees

Dave Knott writes: The World Video Game Hall Of Fame has announced its inductees for the year 2016, the second group of games to be so honoured since the award's inception in 2015. The Hall Of Fame "recognizes individual electronic games of all types—arcade, console, computer, handheld, and mobile—that have enjoyed popularity over a sustained period and have exerted influence on the video game industry or on popular culture and society in general". This year's six inductees are: Grand Theft Auto III, The Legend of Zelda, The Oregon Trail, The Sims, Sonic the Hedgehog, and Space Invaders.

Submission + - Massive, Decades-Long Cyberespionage Framework Exposed

Trailrunner7 writes: Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. The attackers, known as the Equation Group, used two of the zero days contained in Stuxnet before that worm employed them and have used a number of other infection methods, including interdicting physical media such as CDs and inserting their custom malware implants onto the discs.

Some of the techniques the group has used are closely associated with tactics employed by the NSA, specifically the interdiction operations and the use of the LNK vulnerability exploit by Stuxnet.

The Equation Group has a massive, flexible and intimidating arsenal at its disposal. Along with using several zero days in its operations, the attack crew also employs two discrete modules that enable them to reprogram the hard drive firmware on infected machines. This gives the attackers the ability to stay persistent on compromised computers indefinitely and create a hidden storage partition on the hard drive that is used to store stolen data. At the Security Analyst Summit here Monday, researchers at Kaspersky presented on the Equation Group’s operations while publishing a new report that lays out the inner workings of the crew’s tools, tactics and target list. The victims include government agencies, energy companies, research institutions, embassies, telecoms, universities, media organizations and others. Countries targeted by this group include Russia, Syria, Iran, Pakistan, China, Yemen, Afghanistan, India but also US and UK, between and several others.

Submission + - First OSX Bootkit Revealed

Trailrunner7 writes: A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac.

The research is the work of a reverse engineering hobbyist and security researcher named Trammell Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson’s bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple’s RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker’s key. The attack also disables the loading of further Option ROMs, closing that window of opportunity. A weaponized version of this attack would have free ring0 reign over the system.

Apple has only partially addressed the vulnerability behind this.

Submission + - FBI Issued 19,000 National Security Letters in 2013

Trailrunner7 writes: The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information.

The new data was released by the Office of the Director of National Intelligence on Friday as part of its effort to comply with a directive from President Obama to declassify and release as much information as possible about a variety of tools that the government uses to collect intelligence. The directive came in the immediate aftermath of the first revelations by former NSA contractor Edward Snowden about the agency’s capabilities, methods and use of legal authorities.

The use of NSLs is far from new, dating back several decades. But their use was expanded greatly after 9/11 and NSLs are different from other tools in a number of ways, perhaps most importantly in the fact that recipients typically are prohibited from even disclosing the fact that they received an NSL. Successfully fighting an NSL is a rare thing, and privacy advocates have been after the government for years to release data on their use of the letters and the number of NSLs issued. Now, the ODNI is putting some of that information into the public record.

Submission + - New 'Mask' APT Campaign Called Most Sophisticated Yet

Gunkerty Jeb writes: A group of high-level, nation-state attackers has been targeting government agencies, embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they’ve seen to date. The attack, dubbed the Mask, includes a number of unique components and functionality and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines.

Submission + - Facebook is "dead and buried" to young users

JoeyRox writes: The recent decline in Facebook's popularity with teenagers appears to be worsening. A Global Social Media Impact study of 16 to 18 year olds found that many considered the site "uncool" and keep their profiles alive only to keep in touch with older relatives, for whom the site remains popular. Researchers say teens have switched to using WhatsApp, Snapchat, and Twitter in place of Facebook.

Submission + - Glut in Stolen Identities Forces Price Cut

CowboyRobot writes: The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250.

Submission + - `Terminator` robots that can self-heal

kulnor writes: "Researchers in Spain have discovered the first self-healing polymer that spontaneously and independently repairs itself without any intervention. The new material could be used to improve the security and lifetime of plastic parts in everyday products such as electrical components, cars and even houses. The researchers have dubbed the material a "Terminator" polymer in tribute to the shape-shifting, molten T-100 terminator robot from the 'Terminator 2' film."

Submission + - Government to Release Hundreds of Documents on NSA Spying

Trailrunner7 writes: In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government’s secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the Foreign Intelligence Surveillance Court.

The decision by the Justice Department to release the documents is the second legal victory in recent weeks for the EFF related to the National Security Agency’s intelligence collection programs. In August, the group won the release of a 2011 FISC opinion that revealed that the court ruled that some of the NSA’s collection programs were illegal and unconstitutional. The newest decision will result in the release of hundreds of pages of documents related to the way the government has been interpreting Section 215, which is the measure upon which some of the NSA’s surveillance programs are based.

In a status report released Wednesday regarding the EFF’s suit against the Department of Justice, attorneys for the government said that they will release the documents by Sept. 10.

Submission + - WhatsApp Weakness 'Could Expose PayPal, Google Accounts'

twoheadedboy writes: WhatsApp, the popular messaging app, isn't doing SSL as securely as it could/should be, according to security researchers. When a user wants to pay for a licence on an Android device, an in-app browser appears to let the transaction go ahead. But the connection between the browser and the WhatsApp server isn't protected by SSL, even if the connection to the payment services is. That's bad, as it can let hackers carrying out man-in-the-middle attacks know when a WhatsApp user is connecting to a payment service, like PayPal and Google Wallet, as offered by WhatsApp. They can then serve up phishing pages to the user and steal their payment login details. "It's serious as it's a complete and utter failure of HTTPS," says security expert Troy Hunt.

Submission + - Aaron Swartz Case: Deja Vu All Over Again for MIT

theodp writes: On Saturday, questions for MIT's Aaron Swartz investigation were posted on Slashdot with the hope that MIT'ers might repost some to the MIT Swartz Review site. So it's good to see that MIT's Hal Abelson, who is leading the analysis of MIT's involvement in the matter, is apparently open to this workaround to the ban on questions from outsiders. In fact, on Sunday Abelson himself reposted an interesting question posed by Boston College Law School Prof. Sharon Beckman: 'What, if anything, did MIT learn from its involvement in the federal prosecution of its student David LaMacchia back in 1994?' Not much, it would appear. LaMacchia, an apparent student of Abelson's whose defense team included Beckman, was indicted in 1994 and charged with the 'piracy of an estimated million dollars' in business and entertainment computer software after MIT gave LaMacchia up to the FBI. LaMacchia eventually walked from the charges, thanks to what became known as the LaMacchia Loophole, which lawmakers took pains to close. 'MIT collaborated with the FBI to wreck LaMacchia's life,' defense attorney Harvey Silverglate charged in 1995 after a judge dismissed the case. 'I hope that this case causes a lot of introspection on the part of MIT's administration. Unfortunately, I doubt it will.'

Submission + - Barracuda Networks Confirms Exploitable Backdoors In Its Appliances

Orome1 writes: "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admin passwords, or even shut down the device. The backdoor accounts are present in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances."
