Government

New Zealand Spied On Nearly Two Dozen Pacific Countries 112

Posted by samzenpus
from the keep-your-eyes-on-your-own-paper dept.
An anonymous reader writes New documents from Edward Snowden indicate New Zealand undertook "full take" interception of communications from Pacific nations and forwarded the data to the NSA. The data, collected by New Zealand's Government Communications Security Bureau, was then fed into the NSA's XKeyscore search engine to allow analysts to trawl for intelligence. The New Zealand link helped flesh out the NSA's ambitions to intercept communications globally.
Businesses

Demand For Linux Skills Rising This Year 86

Posted by samzenpus
from the popular-kids dept.
Nerval's Lobster writes This year is shaping up as a really good one for Linux, at least on the jobs front. According to a new report (PDF) from The Linux Foundation and Dice, nearly all surveyed hiring managers want to recruit Linux professionals within the next six months, with 44 percent of them indicating they're more likely to hire a candidate with Linux certification over one who does not. Forty-two percent of hiring managers say that experience in OpenStack and CloudStack will have a major impact on their hiring decisions, while 23 percent report security is a sought-after area of expertise and 19 percent are looking for Linux-skilled people with Software-Defined Networking skills. Ninety-seven percent of hiring managers report they will bring on Linux talent relative to other skills areas in the next six months.
Transportation

US Air Traffic Control System Is Riddled With Vulnerabilities 56

Posted by Soulskill
from the things-you-shouldn't-read-before-your-flight-today dept.
An anonymous reader writes: A recently released report (PDF) by the U.S. Government Accountability Office has revealed that despite some improvements, the Federal Aviation Administration (FAA) still needs to quash significant security control weaknesses that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). The report found that while the "FAA established policies and procedures for controlling access to NAS systems and for configuring its systems securely, and it implemented firewalls and other boundary protection controls to protect the operational NAS environment [...] a significant number of weaknesses remain in the technical controls—including access controls, change controls, and patch management—that protect the confidentiality, integrity, and availability of its air traffic control systems."
IT

The Mexican Drug Cartels' Involuntary IT Guy 117

Posted by Soulskill
from the undesirable-career-paths dept.
sarahnaomi writes: It could have been any other morning. Felipe del Jesús Peréz García got dressed, said goodbye to his wife and kids, and drove off to work. It would be a two hour commute from their home in Monterrey, in Northeastern Mexico's Nuevo León state, to Reynosa, in neighboring Tamaulipas state, where Felipe, an architect, would scout possible installation sites for cell phone towers for a telecommunications company before returning that evening. That was the last time anyone saw him.

What happened to Felipe García? One theory suggests he was abducted by a sophisticated organized crime syndicate, and then forced into a hacker brigade that builds and services the cartel's hidden, backcountry communications infrastructure. They're the Geek Squads to some of the biggest mafia-style organizations in the world.
Privacy

Schneier: Either Everyone Is Cyber-secure Or No One Is 128

Posted by Soulskill
from the nobody's-safe-except-the-amish dept.
Presto Vivace sends a new essay from Bruce Schneier called "The Democratization of Cyberattack." Quoting: When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. ... We can't choose a world where the U.S. gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.
Encryption

FREAK Attack Threatens SSL Clients 68

Posted by Soulskill
from the another-day-another-vuln dept.
msm1267 writes: For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL clients, including OpenSSL, will accept weak RSA keys–known as export-grade keys–without asking for those keys. Export-grade refers to 512-bit RSA keys, the key strength that was approved by the United States government for export overseas. This was an artifact from decades ago and it was thought that most servers and clients had long ago abandoned such weak ciphers. The vulnerability affects a variety of clients, most notably Apple's Safari browser.
Wireless Networking

Flaw In GoPro Update Mechanism Reveals Users' Wi-Fi Passwords 35

Posted by timothy
from the oopsie dept.
An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, but in order to do so the user has to connect to the camera's Wi-Fi network. Israel-based infosec expert Ilya Chernyakov discovered the flaw when he had to access the network of a friend's camera, but the friend forgot the login credentials.
GUI

Why We Should Stop Hiding File-Name Extensions 552

Posted by timothy
from the text-rules dept.
An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
Graphics

Khronos Group Announces Vulkan To Compete Against DirectX 12 85

Posted by timothy
from the cross-platform-good dept.
Phopojijo writes The Khronos Group has announced the Vulkan API for compute and graphics. Its goal is to compete against DirectX 12. It has some interesting features, such as queuing to multiple GPUs and an LLVM-based bytecode for its shading language to remove the need for a compiler from the graphics drivers. Also, the API allows graphics card vendors to support Vulkan with drivers back to Windows XP "and beyond."
Graphics

NVIDIA Fixes Old Compiz Bug 49

Posted by timothy
from the mayan-long-count dept.
jones_supa writes NVIDIA has fixed a long-standing issue in the Ubuntu Unity desktop by patching Compiz. When opening the window of a new application, it would go black or become transparent on NVIDIA hardware. There have been bug reports dating back to Ubuntu 12.10 times. The problem was caused by Compiz, which had some leftover code from a port. An NVIDIA developer posted on Launchpad and said the NVIDIA team has been looking at this issue, and they also proposed a patch. "Our interpretation of the specification is that creating two GLX pixmaps pointing at the same drawable is not allowed, because it can lead to poorly defined behavior if the properties of both GLX drawables don't match. Our driver prevents this, but Compiz appears to try to do this," wrote NVIDIA's Arthur Huillet. The Compiz patch has been accepted upstream.
Android

Google Backs Off Default Encryption on New Android Lollipop Devices 118

Posted by Soulskill
from the give-the-people-what-the-government-wants dept.
An anonymous reader writes: Although Google announced in September 2014 that Android 5.0 Lollipop would require full-disk encryption by default in new cell phones, Ars Technica has found otherwise in recently-released 2nd-gen Moto E and Galaxy S6. It turns out, according to the latest version of the Android Compatibility Definition document (PDF), full-disk encryption is currently only "very strongly recommended" in anticipation of mandatory encryption requirements in the future. The moral of the story is: don't be lazy — check that your full-disk encryption is actually enabled.
Yahoo!

Marissa Mayer On Turning Around Yahoo 167

Posted by samzenpus
from the steering-the-ship dept.
An anonymous reader writes For the 20th anniversary of Yahoo, Marissa Mayer discusses how she's trying to reinvent the company. In a wide-ranging interview, Mayer shares her vision for fixing the company's past mistakes, including a major investment in mobile and a new ad platform. Yet she's been dogged by critics who see her as an imperious micromanager, who criticize her $1.1 billion purchase of Tumblr, and who fault her for moving too slowly. The company's executives explain that the business could only return to health after she first halted Yahoo's brain drain and went big on mobile. As one Yahoo employee summarized Mayer's thinking: "First people, then apps."
Communications

Jolla Partners With SSH To Create Sailfish Secure 30

Posted by samzenpus
from the protect-ya-neck dept.
First time accepted submitter muckracer writes Finnish mobile company Jolla will be working with Finland's SSH Communications to offer another version of its SailfishOS platform with stronger security credentials. The partnership was announced today at Jolla's press conference in Barcelona at the Mobile World Congress trade show. SSH will be providing comms encryption and key management to Sailfish Secure.
Security

Pharming Attack Targets Home Router DNS Settings 39

Posted by samzenpus
from the protect-ya-neck dept.
msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
GUI

Xfce 4.12 Released 90

Posted by Soulskill
from the onward-and-upward dept.
motang writes: After two years of hard work (and much to the dismay of naysayers who worried the project has been abandoned), the Xfce team has announced the release of Xfce 4.12. Highlights include improvements to the window switcher dialog, intelligent hiding of the panel, new wallpaper settings, better multi-monitor support, improved power settings, additions to the file manager, and a revamped task manager. Here is a quick tour, the full changelog, and the download page. I have been running it since Xubuntu 15.04 beta 1 was released two days ago. It is much improved over 4.10, and the new additions are great.