Slashdot: News for nerds, stuff that matters

Your Passwords Don't Suck — It's Your Policies 307

Posted by timothy on Friday May 18, @07:20PM
from the all-birthdays-all-the-time dept.

First time accepted submitter eGuy writes "ZDNet sparked a debate about password policies when John Fontana wrote about my open source (LGPL) password policy project that rewards XKCD-like passwords. Steve Watts of SecurEnvoy replies that it is too little, too late. What think ye? Is there hope for passwords?"

Flashback Click Fraud Campaign Was a Bust 19

Posted by Soulskill on Friday May 18, @06:58PM
from the peter-principle-for-black-hats dept.

zarmanto writes "It seems the Flashback botnet has netted their creators nothing but frustration. Flashback was tagged early on by anti-virus vendors, who promptly sink-holed many of the command & control addresses, and essentially crippled the hacker's ability to control the vast majority of the Flashback botnet... but that's not the best part. The Flashback spawned click fraud campaign resulted in... nada! It seems that their pay-per-click affiliate may be on to their scheme, as they refused to pay out. Score one for the good guys, for once."

Book Review: Elementary Information Security 41

Posted by samzenpus on Friday May 18, @04:31PM
from the read-all-about-it dept.

benrothke writes "Elementary Information Security, based on its title, weight and page length, I assumed was filled with mindless screen shots of elementary information security topics, written with a large font, in order to jack up the page count. Such an approach is typical of far too many security books. With that, if there ever was a misnomer of title, Elementary Information Security is it." Read below for the rest of Ben's review

America's Cybersecurity Czar, Howard Schmidt, Steps Down 51

Posted by samzenpus on Friday May 18, @08:09AM
from the hit-the-road dept.

wiredmikey writes "In December of 2009, after months of waiting, the Obama Administration named Howard Schmidt as the White House Cybersecurity Coordinator. After more than forty years in the IT community, the nation's first cyber czar will retire at the end of the month. Schmidt, after just over two years of government service, said he would retire in order to spend more time with his family and to entertain teaching opportunities in the cyber field. Schmidt was at the reins when the White House introduced its international strategy for cyberspace, and also helped create the controversial National Strategy for Trusted Identities in Cyberspace, an initiative that would allow people to obtain a single credential as a one-time password (on a token or mobile device) to do business on the Internet. Schmidt will be replaced by Michael Daniel, currently the head of the White House budget office's intelligence branch."

UK Government Staff Caught Snooping On Citizen Data 115

Posted by samzenpus on Friday May 18, @03:05AM
from the lets-have-a-look dept.

An anonymous reader writes "More than 1,000 UK government staff have been caught snooping on citizen data — including criminal records, social security, and medical records. From the article: 'The U.K. government is haemorrhaging data — private and confidential citizen data — from medical records to social security details, and even criminal records, according to figures obtained through Freedom of Information requests. Just shy of 1,000 civil servants working at the Department for Work and Pensions (DWP), were disciplined for accessing personal social security records. The Department for Health (DoH), which operates the U.K.’s National Health Service and more importantly all U.K. medical records, saw more than 150 breaches occur over a 13-month period.'"

Social Networking: The New Workplace Smoke Break 101

Posted by samzenpus on Friday May 18, @01:32AM
from the friend-em-if-you-got-em dept.

snydeq writes "J. Peter Bruzzese sees a solution for organizations seeking to cut down employee time spent on social networks at work: treat social networking like a smoke break. 'Try as you might to keep social networks at bay, mobile devices let people be in constant connection to their social networking vices over the cellular networks, which you can't block. Still, it's not completely impossible to stop social time-wasting over mobile: You can establish policies that, if enforced strongly enough, eliminate social networks from being accessed on company time. Treat it like smoking: Let employees take a 15-minute coffee/smoking/Facebook break and make them go to a designated area to do it.'"

Android Hackers Honing Skills In Russia 95

Posted by samzenpus on Thursday May 17, @10:01PM
from the practice-makes-perfect dept.

MikeatWired writes "The malware business growing around Google Android — now the leading smartphone operating system — is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers. Sophos and Symantec on Wednesday released their latest Android malware discoveries written in Russian. While the language narrows the number of potential victims, the social-engineering tactics used to get Android users to install the malware is universal. The gang tracked by Sophos is using fake antivirus scanners, while Symantec is tracking cybercriminals using mobile websites to offer bogus versions of popular games. Sophos says the criminals are like other entrepreneurs launching startups. They're starting in Russia, but have far greater ambitions. 'I don't think we can say that they're necessarily using it as a testing ground — think of it more as a local business that as it grows may gain multinational ambitions,' Graham Cluley, senior technology consultant at Sophos, said in an email interview on Wednesday. The cyber scam tracked by Sophos was reported this week by GFI Lab, which discovered links to the bogus antivirus software on Twitter. Sophos dug deeper and found that the .ru domains pointed to the same Internet protocol address hosted in Ukraine."

Paul Vixie: 100,000 DSL Modems May Lose Their DNS On July 9 169

Posted by timothy on Thursday May 17, @03:54PM
from the blame-the-feds dept.

Dante_J writes "Up to 100,000 DSL modems may lose access to DNS come July the 9th, due to scripted web interface changes made to them by DNSChanger. This and other disturbing details were raised by respected Internet elder Paul Vixie during a presentation at the AusCERT 2012 conference."

The Pirate Bay Returns, Anonymous Hater Takes Credit For DDoS 121

Posted by timothy on Thursday May 17, @03:12PM
from the bad-childhoods-in-the-news dept.

An anonymous reader writes "After being the victim of a massive Distributed Denial of Service (DDoS) attack by an unknown party, The Pirate Bay has returned. An Anonymous traitor who goes by the name AnonNyre has claimed responsibility for the DDoS attack that kept the site offline for days."

Who Is Still Using IE6? the UK Government 141

Posted by timothy on Thursday May 17, @12:33PM
from the increased-customer-enragement dept.

strawberryshakes writes "The death knell for IE6 was sounded a couple of years ago, but seems like some people just can't let go. Many UK government departments are still using IE6, which is so old — 11 years old to be exact — it can't cope with social media — which the government is trying to get its staff to use more to engage with citizens."

DreamHammer Wants To Corner the Drone OS Market 122

Posted by timothy on Thursday May 17, @12:11PM
from the special-interests-with-guns dept.

nonprofiteer writes "The Pentagon is increasingly transforming the military into an unmanned force, taking soldiers out of harm's way and replacing them with drones and robots. In 2011, it spent $6 billion on unmanned systems. The problem is that the unmanned systems don't work well together thanks to contractors building proprietary control systems (to lock government into exclusive relationships and to make extra money). A company called DreamHammer plans to have a solution to this — a universal remote control that could integrate all robots and drones into one control system. It would save money and allow anyone to build apps for drones. 'DreamHammer CTO Chris Diebner compares it with a smartphone OS — on which drones and features for those drones can be run like apps. Of course, Ballista is doing something on a much larger scale. It means that it takes fewer people to fly more drones and that new features can be rolled out without the need to develop and build a new version of a Predator, for example.'"

RunCore Introduces Self-Destructable SSD 166

Posted by timothy on Thursday May 17, @11:06AM
from the magic-smoke-that-is dept.

jones_supa writes "RunCore announces the global launch of its InVincible solid state drive, designed for mission-critical fields such as aerospace or military. The device improves upon a normal SSD by having two strategies for the drive to quickly render itself blank. First method goes through the disk, overwriting all data with garbage. Second one is less discreet and lets the smoke out of the circuitry by driving overcurrent to the NAND chips. Both ways can be ignited with a single push of a button, allowing James Bond -style rapid response to the situation on the field."

Most CCTV Systems Come With Trivial Exploits 88

Posted by timothy on Thursday May 17, @09:25AM
from the peek-a-boo dept.

An anonymous reader writes "The use of CCTV cameras for physical surveillance of all kinds of environments has become so pervasive that most of us don't give the devices a second thought anymore. But, those individuals and organizations who actually use and control them should be aware that most of them come with default settings that make them vulnerable to outside attacks. According to Gotham Digital Science researcher Justin Cacak, standalone CCTV video surveillance systems by MicroDigital, HIVISION, CTRing, and many other rebranded devices are not only shipped with remote access enabled by default, but also with preconfigured default accounts and passwords that are banal and easy to guess."

UK Police Roll Out On-the-Spot Mobile Data Extraction System 138

Posted by samzenpus on Thursday May 17, @12:34AM
from the doing-it-faster dept.

Qedward writes "The Metropolitan Police has rolled out a mobile device data extraction system to allow officers to extract data 'within minutes' from suspects' phones while they are in custody. 'Ostensibly, the system has been deployed to target phones that are suspected of having actually been used in criminal activity, although data privacy campaigners may focus on potentially wider use.'"

Americans More Worried About Cybersecurity Than Terrorism 266

Posted by Soulskill on Tuesday May 15, @07:15PM
from the that-there-internet-is-a-scary-thing dept.

TheGift73 tips an article discussing a new study (PDF) which found Americans are now more worried about cybersecurity threats than they are about terrorism. Here's Techdirt's acerbic take: "Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there's no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic — enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality."

2010	Pakistan Court Orders Facebook Ban Over Mohammed Images	949 comments
2009	US To Require That New Cars Get 42 MPG By 2016	1186 comments
2005	Cuba Switching to Linux	1149 comments
2004	Star Wars Episode III : Birth Of The Empire	970 comments
2003	Microsoft To License SCO's Unix Code	817 comments