Submission + - Pile of Bugs in Belkin Routers Allow DNS Spoofing, Credential Theft 1

Trailrunner7 writes: The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers.

The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware, as well. The vulnerabilities have not been patched by Belkin, and the advisory from the CERT/CC says there aren’t any practical workarounds for them.

“DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker’s control,” the CERT/CC advisory says.

Submission + - Should I publish my collection of email spamming IP addresses?

An anonymous reader writes: I have, for a while now, been collecting IP addresses from which email spam has been sent to, or attempted to be relayed through, my email server. I was wondering if I should publish them, so that others can adopt whatever steps are necessary to protect their email servers from that vermin. However, I am facing ethical issues here. What if the addresses are simply spoofed, and therefore branding them as spamming addresses might cause harm to innocent parties? What if, after having been co-opted by spammers, they are now used legitimately? What do Slashdot contributors think?

Submission + - Smartphone malware planted in popular apps pre-sale (thestack.com)

An anonymous reader writes: Over 20 popular smartphone models have been pre-installed with malware and marketed as brand new, according to a report from cybersecurity firm G Data. The handsets had been sold by third-party vendors across Asia and Europe, and included devices from big players such as Lenovo, Xiaomi and Huawei. They were infected prior to sale with intelligent malware disguised in popular apps such as Facebook

Submission + - Citi report: slowing global warming would save tens of trillions of dollars (theguardian.com)

Layzej writes: Citi Global Perspectives & Solutions (GPS), a division within Citibank (America’s third-largest bank), recently published a report looking at the economic costs and benefits of a low-carbon future. The report considered two scenarios: “Inaction,” which involves continuing on a business-as-usual path, and an Action scenario, which involves transitioning to a low-carbon energy mix.

One of the most interesting findings in the report is that the investment costs for the two scenarios are almost identical. In fact, because of savings due to reduced fuel costs and increased energy efficiency, the Action scenario is actually a bit cheaper than the Inaction scenario. Coupled with the fact the total spend is similar under both action and inaction, yet the potential liabilities of inaction are enormous, it is hard to argue against a path of action.

But there will be winners and losers: The biggest loser stands to be the coal industry, where we estimate cumulative spend under our Action scenario could be $11.6 trillion less than in our Inaction scenario over the next quarter century, with renewables, wind and nuclear (as well as energy efficiency) the main beneficiaries.

Submission + - FBI: Burning Man testing ground for free speech, drugs ... & new spy gear (muckrock.com)

v3rgEz writes: The 29th annual Burning Man festival kicks off this week in Nevada's Black Rock Desert. Among those paying close attention to the festivities will be the FBI's Special Events Management unit, who have kept files on "burners" since at least 2010. One of the more interesting things in those files, however, is a lengthy, heavily redacted paragraph detailing that the FBI's Special Events Management Unit gave Las Vegas Police Department some specialized equipment for monitoring the week-long event, as long as LVPD provided follow-up reports.
Slashdot.org

Introducing the Slashdot Firehose 320

Logged in users have noticed for some time the request to drink from the Slashdot Firehose. Well now we're ready to start having everybody test it out. It's partially a collaborative news system, partially a redesigned & dynamic next-generation Slashdot index. It's got a lot of really cool features, and a lot of equally annoying new problems for us to find and fix for the next few weeks. I've attached a rough draft of the FAQ to the end of this article. A quick read of it will probably answer most questions from how it works, what all the color codes mean, to what we intend to do with it.
Networking

Ohio Establishing State Wide Broadband Network 105

bohn002 writes "In order to coordinate and expand access to the state's broadband data network, Ohio Governor Ted Strickland has signed an executive order establishing the Ohio Broadband Council and the Broadband Ohio Network. The order directs the Ohio Broadband Council to coordinate efforts to extend access to the Broadband Ohio Network to every county in Ohio. The order allows public and private entities to tap into the Broadband Ohio Network — all with a goal of expanding access to high-speed internet service in parts of the state that presently don't have such service."
