
Submission + - International Authorities Cooperate To Take Down Massive 'Avalanche' Botnet

plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named 'Avalanche', estimated to have involved as many as 500,000 infected computers worldwide on a daily basis.

"The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked."

Submission + - Researchers Inject Hidden Analog Backdoor Into Digital CPUs

plover writes: Researchers at the University of Michigan made some very subtle modifications to a chip design at fabrication time, creating a capacitor that pumps up a charge based on how frequently an obscure signal line is toggled. Once the capacitor's charge exceeds a certain threshold, it toggles a flip-flop that sets another state, such as enabling privileged execution. Since the capacitor is not refreshed, it drains over time, hiding any evidence that it was ever triggered.

All this was hidden in the fabrication steps of making the chip; the new circuitry was stashed in a tiny bit of unused real estate on the die. The modified chip passes all testing, and the original chip designer remains unaware that their CPU has been compromised. Meanwhile the backdoor lurks silently, waiting for the obscure commands to execute the secret sequence.

Submission + - Unmasking the Stingray

plover writes: The Verge has a feature story on the criminal who figured out he was caught due to his prepaid cellular device, and discovered the existence of the Stingray.

Submission + - Smart Grid Meter Homegrown Security Protocol Crushed By Researchers

plover writes: According to this article in ThreatPost,

Two researchers, Phillip Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, published a paper exposing encryption weaknesses in the protocol.

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks—the paper posits a handful—that can be pulled off with minimal computational effort. Specifically under fire is a homegrown message authentication code called OMA Digest.

Submission + - Supervalu Becomes Another Hacking Victim

plover writes: Supervalu (NYSE:SVU) is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores.

The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company.

The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.

Submission + - Smithsonian Releasing 3D Models of Artifacts

plover writes: The Seattle Times reports "the Smithsonian Institution is launching a new 3D scanning and printing initiative to make more of its massive collection accessible to schools, researchers and the public worldwide. A small team has begun creating 3D models of some key objects representing the breadth of the collection at the world's largest museum complex. Some of the first 3D scans include the Wright brothers' first airplane, Amelia Earhart's flight suit, casts of President Abraham Lincoln's face during the Civil War and a Revolutionary War gunboat. Less familiar objects include a former slave's horn, a missionary's gun from the 1800s and a woolly mammoth fossil from the Ice Age. They are pieces of history some people may hear about but rarely see or touch."

So far they have posted 20 models on the site, with the promise of much more to come.

Submission + - Why iFingerprinting Makes You Legally Unsafe

plover writes: Mark Rasch, an attorney specializing in privacy and security law, has taken a look at using the iPhone's fingerprint access to protect your privacy. He believes that you can sometimes be compelled by a court to provide your password to unlock an encrypted file, depending on the circumstances, but that you can always be compelled to provide your fingerprints, and that the Supreme Court has repeatedly affirmed there is no Fifth Amendment protection against it. That means if you lock your phone with only a fingerprint, the government will almost certainly be able to compel you to unlock it. If you lock it with a passcode, there's a chance you can refuse to provide it under the Fifth Amendment.

The new iPhone 5s’s biometric fingerprint scanner can actually put consumers (or merchants, for that matter) in a worse position legally than the previous four-digit PIN. In fact, the biometric can open the contents of a consumer’s phone and any linked payment systems, accounts or systems—including contacts, email and documents—less legally protected than the simple passcode. This is because the law may treat the biometric (something you are) differently from a password (something you know).


Submission + - FinSpy Commercial Spyware Abused By Governments

plover writes: The NY Times has this story about FinSpy, a commercial spyware package sold "only for law enforcement purposes" being used by governments to spy on dissidents, journalists, and others, and how two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world.

Submission + - Iran Admits Stuxnet Impacted Their Nuclear Program

plover writes: According to this article in the Guardian,

Ahmadinejad admitted the worm had affected Iran's uranium enrichment. "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," the president said. "They did a bad thing. Fortunately our experts discovered that, and today they are not able [to do that] anymore."


Submission + - Jury awards $1.5 million to Capitol Records

plover writes: In the Jammie Thomas-Rasset case that never ends, a Minneapolis jury has awarded Capitol Records $1.5 million dollars.

Thomas-Rasset is expected to appeal and the case could wind its way to the Supreme Court.

Submission + - Ars Technica Forums Abused by Phishers

plover writes: Some Ars Technica members received phishing attempts purporting to be from SunTrust this morning. Here's the posting on the Ars forum explaining what happened.

It seems that many users received phishing attempts to Ars only email addresses this morning. We're working on it and will update this post when we find something out.

We believe that our previous forum provider has some exploit that allows people to send messages to private email addresses through their servers. Every report we've seen has originated at one of their web front ends. If we are correct, your email addresses have not been compromised. It's obviously pretty bad to be getting phishing attempts forwarded through someone else, but not quite as bad as if an email DB had been jacked or something.

We have emails out to them. There's a chance we won't hear back for a couple of hours since they're on Pacific time, but we're doing what we can.

That's got to be one stupid phisherman to try phishing from the members of Ars Technica.

Submission + - US Admits Most Piracy Estimates Are Bogus

plover writes: According to this article on Ars Technica, the GAO admitted that the estimates of the impact of piracy have no basis in fact.

After examining all the data and consulting with numerous experts inside and outside of government, the Government Accountability Office concluded that it is "difficult, if not impossible, to quantify the economy-wide impacts."


Submission + - Senate Votes to Replace Aviation Radar With GPS

plover writes: The U.S. Senate today passed by a 93-0 margin a bill that would implement the FAA's NextGen plan to replace aviation radar with GPS units. It will help pay for the upgrade by increasing aviation fuel taxes on private aircraft. It will require two inspections per year on foreign repair stations that work on U.S. planes. And it will ban pilots from using personal electronics in the cockpit. This just needs to be reconciled with the House version and is expected to soon become law. This was discussed on Slashdot a few years ago.