The Almighty Buck

How Silk Road Bounced Back From Its Multimillion-Dollar Hack 50

Daniel_Stuckey writes: "Silk Road, the online marketplace notable for selling drugs and attempting to operate over Tor, was shut down last October. Its successor, Silk Road 2.0, survived for a few months before suffering a security breach. In total, an estimated $2.7 million worth of Bitcoin belonging to users and staff of the site was stolen. Some in the Silk Road community suspected that the hack might have involved staff members of the site itself, echoing scams on other sites. Project Black Flag closed down after its owner scampered with all of their customers' Bitcoin, and after that users of Sheep Marketplace had their funds stolen, in an incident that has never been conclusively proven as an inside job or otherwise. Many site owners would probably have given up at this point, and perhaps attempted to join another site, or start up a new one under a different alias. Why would you bother to pay back millions of dollars when you could just disappear into the digital ether? But Silk Road appears to be trying to rebuild, and to repay users' lost Bitcoins."
IOS

Apple Fixes Major SSL Bug In OS X, iOS 96

Trailrunner7 writes: "Apple has fixed a serious security flaw that is present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched in iOS 7.1.1 and OS X Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties."
Encryption

NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations 86

hypnosec writes: "The National Institute of Standards and Technology (NIST) has removed the much-criticized Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) from its draft guidance on random number generators following a period of public comment and review. The revised document retains three of the four previously available options for generating pseudorandom bits required to create secure cryptographic keys for encrypting data. NIST recommends that people using Dual_EC_DRBG should transition to one of the other three recommended algorithms as quickly as possible."
Security

Ask Slashdot: How Can We Create a Culture of Secure Behavior? 169

An anonymous reader writes "Despite the high news coverage that large breaches receive, and despite tales told by their friends about losing their laptops for a few days while a malware infection is cleared up, employees generally believe they are immune to security risks. They think those types of things happen to other, less careful people. Training users how to properly create and store strong passwords, and putting measures in place that tell individuals the password they've created is 'weak' can help change behavior. But how do we embed this training in our culture?"
Stats

Tech People Making $100k a Year On the Rise, Again 193

Nerval's Lobster (2598977) writes "Last month, a report suggested that Austin has the highest salaries for tech workers (after factoring in the cost of living), followed by Atlanta, Denver, Boston, and Silicon Valley. Now, a new report (yes, from Dice, because it gathers this sort of data from tech workers) suggests that more tech people are earning six figures a year than ever. Some 32 percent of full-time tech pros took home more than $100,000 in 2013, according to the findings, up from 30 percent in 2012 and 26 percent in 2011. For contractors, the data is even better: In 2013, a staggering 54 percent of them earned more than $100,000 a year, up from 51 percent the previous year and 50 percent in 2011. How far that money goes depends on where you live, of course, but it does seem like a growing number of the world's tech workers are earning a significant amount of cash."
Security

Not Just a Cleanup Any More: LibreSSL Project Announced 360

An anonymous reader writes "As some of you may know, the OpenBSD team has started cleaning up the OpenSSL code base. LibreSSL is primarily developed by the OpenBSD Project, and its first inclusion into an operating system will be in OpenBSD 5.6. In the wake of Heartbleed, the OpenBSD group is creating a simpler, cleaner version of the dominant OpenSSL. Theo de Raadt, founder and leader of OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. The project further promises multi-OS support once they have proper funding and the right portability team in place. Please consider donating to support LibreSSL via the OpenBSD foundation."
Education

Our Education System Is Failing IT 306

Nemo the Magnificent (2786867) writes "In this guy's opinion most IT workers can't think critically. They are incapable of diagnosing a problem, developing a possible solution, and implementing it. They also have little fundamental understanding of the businesses their employers are in, which is starting to get limiting as silos are collapsing within some corporations and IT workers are being called upon to participate in broader aspects of the business. Is that what you see where you are?"
