
Comment Yuuup (Score 1) 94

clouds have baked private keys into their public images, so that any user could SSH into any machine

The first capture the flag hacking event hosted by my college's volunteer systems team (which supplemented the IT staff) had this problem. Every system had the same SSH keys, so it was easy to man-in-the-middle your opponents, gain their credentials, then log into their actual systems. One of the teams that discovered this (and won the contest) went on to host the next year's event. (This was not recent.)
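The situation described in the comment above (every host presenting the same SSH host key because it was baked into a shared image) is easy to check for from the defender's side: collect each host's public key and look for byte-identical keys on more than one host. The script below is an added example, not part of the comment or of Slashdot; it assumes input in the `ssh-keyscan` / `known_hosts` line format (`<host> <keytype> <base64 blob>`) and works on constructed sample lines whose key blobs are made-up bytes rather than real keys.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan / known_hosts format ("<host> <keytype> <base64 blob>").
# The blobs are made-up byte strings, not real keys: the check only cares whether two hosts
# present a byte-identical public key, which is exactly what a key baked into a shared
# machine image looks like from the network. Hosts .11 and .12 deliberately share a key.
SAMPLE_KEYSCAN = """\
# 10.0.0.11:22 SSH-2.0-OpenSSH_7.4
10.0.0.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJha2VkLWluLWtleS1mcm9tLWltYWdl
10.0.0.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJha2VkLWluLWtleS1mcm9tLWltYWdl
10.0.0.13 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVuaXF1ZS1rZXktZ2VuZXJhdGVkLW9u

10.0.0.14 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0dGhpcy1pcy1ub3QtYS1yZWFsLWtleQ==
"""


def parse_keyscan(text):
    """Yield (host, keytype, blob_bytes) for each key line; skip comments, blanks and junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan writes the server banner as a '#' comment line
        parts = line.split()
        if len(parts) < 3:
            continue  # not a host-key line
        host, keytype, blob_b64 = parts[0], parts[1], parts[2]
        try:
            blob = base64.b64decode(blob_b64, validate=True)
        except ValueError:
            continue  # malformed key material; report separately in a real tool
        yield host, keytype, blob


def fingerprint(blob):
    """OpenSSH-style fingerprint: SHA256 of the raw key blob, base64, padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(text):
    """Map "<keytype> <fingerprint>" -> sorted hosts, keeping only keys seen on >1 host."""
    hosts_by_key = defaultdict(set)
    for host, keytype, blob in parse_keyscan(text):
        hosts_by_key[f"{keytype} {fingerprint(blob)}"].add(host)
    return {key: sorted(hosts) for key, hosts in hosts_by_key.items() if len(hosts) > 1}


if __name__ == "__main__":
    shared = find_shared_host_keys(SAMPLE_KEYSCAN)
    if not shared:
        print("no shared host keys found")
    for key, hosts in shared.items():
        # Any hit here means a client cannot tell these hosts apart by host key,
        # so a host-key-based defence against man-in-the-middle is void between them.
        print(f"SHARED {key} on {len(hosts)} hosts: {', '.join(hosts)}")
```

In practice the input would be the concatenated output of `ssh-keyscan` run against the fleet, or the `ssh_host_*_key.pub` files pulled from each image; the fingerprint matches what `ssh-keygen -lf` prints for the same key, so hits can be cross-checked by hand. The fix for a hit is to regenerate host keys on first boot rather than shipping them in the image.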

Security

Russia Says Foreign Spies Plan Cyber Attack On Banking System (reuters.com) 85

Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."
Facebook

Facebook Knows What You're Streaming (bloomberg.com) 97

Facebook is gathering information about the shows Roku and Apple TV owners are streaming. The company then uses the Facebook profile linked to the same IP addresses to tailor the commercials that are shown to individual users. From a report on Bloomberg: For the past few weeks, the social network says, it's been targeting ads to people streaming certain shows on their Roku or Apple TV set-top boxes. It customizes commercials based on the Facebook profiles tied to the IP addresses doing the streaming, according to a company spokesman. He says Facebook is trying out this approach with the A&E network (The Killing, Duck Dynasty) and streaming startup Tubi TV, selecting free test ads for nonprofits or its own products along with a handful of name brands. This push is part of a broader effort by social media companies to build their revenue with ads on video. Twitter is placing much of its ad-sales hopes on streaming partnerships with sports leagues and other content providers. In October, CFO Anthony Noto told analysts on an earnings call that the ads played during Twitter's NFL Thursday Night Football streaming exclusives had been especially successful, with many people watching them in their entirety with the sound turned on. The participants in these partnerships don't yet have a default answer to questions such as who should be responsible for selling the ads or who should get which slice of revenue.
Medicine

The US Government is Finally Telling People that Homeopathy is a Sham (vox.com) 297

Not good news for people who trust homeopathic drugs. The Federal Trade Commission has issued an enforcement policy statement that requires makers of over-the-counter (OTC) homeopathic drugs and products to disclose in their advertising and labeling that there is no evidence that homeopathic products are effective, and to state that modern medical experts do not recognize claims of effectiveness based only on homeopathic theories. From a report on Vox: This FTC ruling is definitely a step in the right direction of raising awareness about the lack of evidence behind homeopathy. "This is a real victory for reason, science, and the health of the American people," said Michael De Dora, public policy director for the Center for Inquiry, a science-based advocacy and education group that's been pushing for more homeopathy oversight. "The FTC has made the right decision to hold manufacturers accountable for the absolutely baseless assertions they make about homeopathic products." But it doesn't mean these "medicines" will disappear from store shelves. The FTC only has the right to crack down on misleading marketing claims, and if the makers of homeopathic remedies clearly state that their products are based on no science, they can still sell them.

Comment Same issue as killing net neutrality: bad idea (Score 1) 54

You can't whitelist everything you need to, and you can't trust end users to be able to do that all themselves (no matter how many dialogs you pop up). A/V is only capable of doing so much, so users still need education.

The other option, as this Google engineer proposes, is to lock everything down and only allow vetted programs. This is called Trusted Computing (a.k.a. Treacherous Computing) for software and digital rights management (digital restrictions management) for media. These are very secure (so long as you trust the vetting agency), but they promote too much vendor lock-in and they directly combat Free Software.

Submission + - Author of curl gets tech support emails for random cars 1

AmiMoJo writes: The author of the popular curl utility has been receiving requests for help from frustrated car owners having difficulty with their infotainment systems. It appears that because his email address is listed on the "about" screen, as required by the curl licence, some desperate users are reaching out to him in the hopes of finding a solution.
Social Networks

The FBI Got Its Hands on Data That Twitter Wouldn't Give the CIA (theverge.com) 76

The FBI is using a tool called Dataminr to track criminals and terrorist groups on Twitter, according to documents spotted by The Verge. In a contract document, the agency says Dataminr's Advanced Alerting Tool allows it "to search the complete Twitter firehose, in near real-time, using customizable filters." However, the practice seems to violate Twitter's developer agreement, which prohibits the use of its data feed for surveillance or spying purposes. From the report: "Twitter is used extensively by terrorist organizations and other criminals to communicate, recruit, and raise funds for illegal activity," the FBI wrote in a contracting document. "With increased use of Twitter by subjects of FBI investigations, it is critical to obtain a service which will allow the FBI to identify relevant information from Twitter in a timely fashion." [...] Earlier this year, Twitter revoked API access to a tool called Geofeedia, citing the same clause in the developer agreement, after reports showed the tool had been used by police to target protestors in Baltimore. Facebook was also a Geofeedia customer, and used it to catch an intruder in Mark Zuckerberg's office. This isn't the first time Dataminr has run up against Twitter's anti-surveillance clause. In May, Twitter revoked CIA access to Dataminr, a move that was taken as part of a larger ban on US intelligence agencies using the product.
Music

Shazam Keeps Your Mac's Microphone Always On, Even When You Turn It Off (vice.com) 126

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."
Government

FBI Operated 23 Tor-Hidden Child Porn Sites, Deployed Malware From Them (arstechnica.com) 176

An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.)
Opera

Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk) 115

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of its users' data -- and does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension from their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.
DRM

DRM is Used to Lock in, Control and Spy on Users, Says Free Software Foundation (torrentfreak.com) 72

In a scathing critique, the Free Software Foundation is urging the U.S. Government to drop the DMCA's anti-circumvention provisions which protect DRM. From a report on TorrentFreak: Late last year the U.S. Copyright Office launched a series of public consultations to review critical aspects of the DMCA law. FSF sees no future for DRM and urges the Copyright Office to repeal the DMCA's anti-circumvention provisions. "Technological protection measures and Digital Restrictions Management (DRM) play no legitimate role in protecting copyrighted works. Instead, they are a means of controlling users and creating 'lock in'," FSF's Donald Robertson writes. According to FSF, copyright is just an excuse; the true purpose is to lock down and control users. "Companies use this control illegitimately with an eye toward extracting maximum revenue from users in ways that have little connection to actual copyright law. In fact, these restrictions are technological impediments to the rights users have under copyright law, such as fair use." Even if copyright were the main concern, DRM would be an overbroad tool to achieve the goal, the foundation notes. FSF highlights that DRM is not just used to control people but also to spy on them, by sending all kinds of personal data to technology providers. This is done to generate extra income at the expense of users' rights, they claim. "DRM enables companies to spy on their users, and use that data for profit," Robertson adds. "DRM is frequently used to spy on users by requiring that they maintain a connection to the Internet so that the program can send information back to the DRM provider about the user's actions," he adds.
Iphone

Future iPhones Could Fold In Half (geek.com) 95

Apple has just received a patent, titled "electronic devices with carbon nanotube printing circuits," that suggests future iPhones may be foldable -- at least to some degree. Geek reports: Based on the language in the patent, it doesn't sound like Apple is specifically talking about a device that has a fully bendable display. It mentions one that can bend "along edges of touch sensors or displays." The carbon nanotube PCBs provide flexibility for some of the phone's internals, but not all of them. Those other parts will likely be covered by other patents if Apple is genuinely working on a seamless foldable device. The usual caveats apply here. For now, this is simply yet another patent padding Apple's already massive portfolio. Could they be planning to release an iPhone that folds in half? Definitely.
Government

Prosecutors Say NSA Contractor Could Flee To Foreign Power (go.com) 44

An anonymous reader quotes a report from ABC News: The NSA contractor accused of stealing a gargantuan amount of sensitive and classified data from the U.S. government was studying Russian before he was arrested and would be a "prime target" for foreign spies should he be released on bail, prosecutors argued ahead of a court hearing for Harold Martin, III, today. The government said it is "readily apparent to every foreign counterintelligence professional and nongovernmental actor that the Defendant has access to highly classified information, whether in his head, in still-hidden physical locations, or stored in cyberspace -- and he has demonstrated absolutely no interest in protecting it. This makes the Defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the Defendant himself." Prosecutors noted that Martin purportedly communicated online "with others in languages other than English, including in Russian" and that he had downloaded information on the Russian language just a couple months before he was arrested in August. Martin's attorneys, however, said in their own court filing Thursday that there is still no evidence he "intended to betray his country" and argued that he was not a flight risk. All the talk of foreign spies and potential getaway plans, the defense said, were "fantastical scenarios." Martin's defense team said in part: "The government concocts fantastical scenarios in which Mr. Martin -- who, by the government's own admission, does not possess a valid passport -- would attempt to flee the country. Mr. Martin's wife is here in Maryland. His home is here in Maryland. He has served this country honorably as a lieutenant in the United States Navy, and he has devoted his entire career to serving his country. There is no evidence he intended to betray his country. The government simply does not meet its burden of showing that no conditions of release would reasonably assure Mr. Martin's future appearance in court. For these reasons, and additional reasons to be discussed at the detention hearing, Mr. Martin should be released on conditions pending trial."

UPDATE 10/21/16: Slashdot reader chromaexursion writes: "Harold Martin was denied bail. The judge agreed with the prosecution in his decision."
