
Congress Gives Federal Agencies Two Weeks To Tally Backdoored Juniper Kit (csoonline.com) 77

itwbennett writes: In an effort to gauge the impact of the recent Juniper ScreenOS backdoors on government organizations, the House of Representatives is questioning around two dozen U.S. government departments and federal agencies. The U.S. House of Representatives' Committee on Oversight and Government Reform sent letters to the agencies on Jan. 21, asking them to identify whether they used devices running the affected ScreenOS versions, to explain how they learned about the issues and whether they took any corrective actions before Juniper released patches and to specify when they applied the company's patches. The questioned organizations have until Feb. 4 to respond and deliver the appropriate documents, a very tight time frame given that 'the time period covered by this request is from January 1, 2009 to the present.'
Android

Android Ransomware Threatens To Share Your Browsing History With Your Friends (symantec.com) 160

An anonymous reader writes: The newly discovered Lockdroid ransomware is unique in two ways. First it uses perfectly overlaid popups to trick users into giving it admin privileges. This trick works on devices running Android versions prior to 5.0 (Lollipop), which means 67% of all Android smartphones. Secondly, after it encrypts files and asks for a ransom, it also steals the user's browsing history and contacts list, and blackmails the user to pay the ransom, or his browsing history will be forwarded to his contacts.
The Courts

Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) 171

An anonymous reader writes with news that the Maryland Attorney General is arguing that anyone who has ever used a smartphone knows it's tracking them, so no warrant is needed for stingrays. Techdirt says: "Up in Baltimore, where law enforcement Stingray device use hit critical mass faster and more furiously than anywhere else in the country (to date...) with the exposure of 4,300 deployments in seven years, the government is still arguing there's no reason to bring search warrants into this. The state's Attorney General apparently would like the Baltimore PD's use of pen register orders to remain standard operating procedure. According to a brief filed in a criminal case relying on the warrantless deployment of an IMSI catcher (in this case a Hailstorm), the state believes there's no reason for police to seek a warrant because everyone "knows" cell phones generate data when they're turned on or in use.

The brief reads in part: 'The whereabouts of a cellular telephone are not "withdrawn from public view" until it is turned off, or its SIM card removed. Anyone who has ever used a smartphone is aware that the phone broadcasts its position on the map, leading to, for example, search results and advertising tailored for the user's location, or to a "ride-sharing" car appearing at one's address. And certainly anyone who has ever used any sort of cellular telephone knows that it must be in contact with an outside cell tower to function.'"
Iphone

Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com) 231

blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
Google

Google Fixes Zero-Day Kernel Flaw, Says Effect on Android Not Really That Bad (csoonline.com) 132

itwbennett writes: Google has developed a patch for Android in response to a flaw in the Linux kernel and has shared it with device manufacturers. That doesn't mean the patch will hit users' phones right away, though. It might take weeks. But that's ok, says Google, because most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux.
United Kingdom

Big Brother Is Coming To UK Universities (theguardian.com) 75

An anonymous reader writes: An upcoming report by the Higher Education Commission, a UK group of MPs, business and academic professionals, will paint a picture of a higher education system that, thanks to the increasing use of data, may undergo radical change, sometimes with painful ethical considerations. Among their visions: an Amazon-style recommendation service on courses and work experience based on individuals' backgrounds, and similar profiles. Or a system in which students at risk of failure can be identified from their first day so that they receive instant feedback and performance measuring. It is envisioned that the system will include knowing whether they are in lectures, at the gym or in the bar, and in an effort to boost their results, students may also want to share data on their fitness, sleeping patterns, and their academic and semi-academic interactions online.
Security

High-Tech Attack Alert For 2016 Super Bowl (thestack.com) 60

An anonymous reader writes with news about a Homeland Security memo concerning potential technological attacks during the Super Bowl. The forthcoming Super Bowl event on 7th February could be at risk of a high-tech attack against fans both inside and outside the San Francisco 49ers Stadium. A security memo issued by the FBI and the Department of Homeland Security has warned that the annual game could be a target not just at the stadium, but at other commemorative events taking place in San Francisco and in the Silicon Valley. One of the chief concerns is the various sabotages committed against fibre cables in the area. As the fibre optic cable networks function as back up communication systems in emergency situations, these are a possible target for the attackers. By destroying these cables, response times could be slowed down.
United States

The Story Behind National Reconnaissance Office's Octopus Logo (muckrock.com) 133

v3rgEz writes: When the National Reconnaissance Office (NRO) announced the upcoming launch of their NROL-39 mission back in December 2013, they didn't get quite the response they hoped. That might have had something to do with the mission logo being a gigantic octopus devouring the Earth. Researcher Runa Sandvik wanted to know who approved this and why, so she filed a Freedom of Information Act with the NRO for the development materials that went into the logo. A few months later, the NRO delivered.
Security

Do the Risks of BYOD Outweigh the Benefits? (Video) 82

Steve Hasselbach is a Senior Solutions Architect (AKA Marketing Guy -- but he's also a serious techie) for Peak 10, a datacenter company. In his work he deals with his clients' security problems, and often shakes his head at how security unconscious so many businesses are, even after endless publicity about corporate IT security holes costing companies millions of dollars.

He says, "...it doesn’t shock me anymore, but you’d be so shocked and surprised at how noncompliant this country is in terms of businesses around things like healthcare data and all that." In this interview, Steve talks about how (surprise!) the current BYOD trend is making things worse, but isn't necessarily responsible for the worst security holes, and offers benefits that might outweigh the increased security risks it brings. (Note: The transcript contains material not included in the video.)
The Internet

Google Exec Says Isis Must Be Locked Out of the Open Web (theguardian.com) 208

An anonymous reader writes with this story about Director of Google Ideas Jared Cohen and his talk with the Royal Institute of International Affairs about stopping terrorists online. Cohen contends that the best way to fight them online is to keep them confined to the dark web. The Guardian reports: "Google's head of ideas, tasked with building tools to fight oppression, has said that to stop Isis being able to publicize itself on the internet requires forcing Isis from the open web. During a talk with the Royal Institute of International Affairs at Chatham House, Jared Cohen said that it will not be possible to stop terrorists such as Isis from using Tor and the dark web. The key to stopping the terrorist group from propagating online is therefore to hound them from the traditional web – that which can be indexed by search engines. Cohen said: 'What is new is that they're operating without being pushed back in the same internet we all enjoy. So success looks like Isis being contained to the dark web.'"
Intel

Serious Flaw Patched In Intel Driver Update Utility (csoonline.com) 34

itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.
Security

SCADA "Selfies" a Big Give Away To Hackers (csmonitor.com) 54

chicksdaddy writes: The world's governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month. But on the question of safeguarding utilities, operators of power plants, water treatment facilities, and other industrial operations might do well to worry more about Instagram than hackers, according to a report by Christian Science Monitor Passcode. Speaking at a gathering of industrial control systems experts last week, Sean McBride of the firm iSight Partners said that social media oversharing is a wellspring of information that could be useful to attackers interested in compromising critical infrastructure. Among the valuable information he's found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems.

"No SCADA selfies!" said Mr. McBride at the S4 Conference in Miami Thursday. "Don't make an adversary's job easier." iSight has found examples of SCADA selfies at sensitive facilities and warns that such photos may unwittingly reveal critical information that operators would prefer to keep secret. The firm's researchers have also discovered panoramic pictures of control rooms and video walk-throughs of facilities. Corporate websites can divulge valuable information to adversaries like organization charts or lists of employees — valuable sources of information for would-be attackers, says McBride. That kind of slip-up has aided critical infrastructure attacks in the past. Photographs published in 2008 by former Iranian President Mahmoud Ahmadinejad's press office provided western nuclear analysts with detailed views of the insides of the Natanz facility and Iran's uranium enrichment operation – what an expert once described as "intel to die for."

Security

LastPass Vulnerable To Extremely Simple Phishing Attack (softpedia.com) 146

An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim's master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API.
Security

Casino Sues Security Firm For Failing To Contain Malware Infection (softpedia.com) 50

An anonymous reader writes: US casino chain Affinity Games is suing Trustwave Holdings, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity's servers, which led to the escalation of a previous card breach. The casino chain noticed the sloppy job a few months later when it hired a penetration testing company to comply with new gaming regulation. Mandiant was brought in to mop up Trustwave's job later on. Affinity is now suing for $100,000 (or more) in damages.
Bitcoin

"DDoS-For-Bitcoin" Blackmailers Arrested (softpedia.com) 27

An anonymous reader writes: The DDoSing outfit that spawned the trend of "DDoS-for-Bitcoin" was arrested by Europol in Bosnia Herzegovina last month. DD4BC first appeared in September 2015, when Akamai blew the lid on their activities. Since then almost any script kiddie that can launch DDoS attacks has followed their business model by blackmailing companies for Bitcoin.
