Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

AMD's 'Crimson' Driver Software Released ( 50

An anonymous reader writes: Yesterday marked the launch of AMD's 'Crimson' driver software. It replaces the old Catalyst driver software, and represents a change in how AMD develops bug fixes, improves performance, and adds features. AnandTech took a detailed look at the new driver software. They say, "By focusing feature releases around the end of the year driver, AMD is able to cut down on what parts of the driver they change (and thereby can possibly break) at other times of the year, and try to knock out all of their feature-related bugs at once. At the same time it makes the annual driver release a significant event, as AMD releases a number of new features all at once. However on the other hand this means that AMD has few features launching any other time of the year, which can make it look like they're not heavily invested in feature development at those points." On a more positive note, the article adds, "Looking under the hood there's no single feature that's going to blow every Radeon user away at once, but overall there are a number of neat features here that should be welcomed by various user groups. ... Meanwhile AMD's radical overhaul of their control panel via the new Radeon Settings application will be quickly noticed by everyone."

Second Root Cert-Private Key Pair Found On Dell Computer ( 65

msm1267 writes: A second root certificate and private key, similar to eDellRoot [mentioned here yesterday], along with an expired Atheros Authenticode cert and private key used to sign Bluetooth drivers has been found on a Dell Inspiron laptop. The impact of these two certs is limited compared to the original eDellRoot cert. The related eDellRoot cert is also self-signed but has a different fingerprint than the first one. It has been found only on two dozen machines according to the results of a scan conducted by researchers at Duo Security. Dell, meanwhile, late on Monday said that it was going to remove the eDellroot certificate from all Dell systems moving forward, and for existing affected customers, it has provided permanent removal instructions (.DOCX download), and starting today will push a software update that checks for the eDellroot cert and removes it. The second certificate / key pair was found by researchers at Duo Security.

Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached 25

An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story: Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers. According to a note on Pearson's site, the system remains down for the time being.

Disney IT Workers Prepare To Sue Over Foreign Replacements ( 262

JustAnotherOldGuy writes: At least 23 former Disney IT workers have filed complaints with the federal Equal Employment Opportunity Commission (EEOC) over the loss of their jobs to foreign replacements. This federal filing is a first step to filing a lawsuit alleging discrimination. These employees are arguing that they are victims of national origin discrimination, a complaint increasingly raised by U.S. workers who have lost their jobs to foreign workers on H-1B and other temporary visas. Disney's layoff last January followed agreements with IT services contractors that use foreign labor, mostly from India. Some former Disney workers have begun to go public (video) over the displacement process

Can Full-Time Tech Workers Survive the Gig Economy? ( 169

Nerval's Lobster writes: By some measures, more than 40 percent of U.S. workers will be independent in 2020. Today, that number stands at 34 percent, according to the Freelancer's Union. By all accounts, the trend seems widespread enough to indicate that tech pros should prepare themselves for the dynamics of a world that depends more on contingent work. The question isn't whether the tech world will see an increasing prevalence of 'gigs,' rather than full-time positions; it's whether those in full-time positions can easily keep their jobs when there's pressure to farm it out cheaply and easily to freelancers. Or will the need for people who can see projects through the long term prevent the 'gig economy' from radically changing the tech industry?

Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops ( 92

Mickeycaskill writes: Dell has been accused of pre-installing rogue self-signing root certificate authentications on its laptops. A number of users discovered the 'eDellRoot' certificate on their machines and say it leaves their machines, and any others with the certificate, open to attack. "Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid," said Joe Nord, a Citrix product manager who found the certificate on his laptop. It is unclear whether it is Dell or a third party installing the certificate, but the episode is similar to the 'Superfish' incident in which Lenovo was found to have installed malware to inject ads onto users' computers.

What the Sony Hack Looked Like To Employees ( 51

An anonymous reader writes: The cyber attack on Sony was one of the highest profile hacks in the past several years. Slate tracked down two dozen people who worked there at the time, and asked them what it was like on the inside while it was happening. Quoting: "The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony's online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. 'It was like moving back into an earlier time,' one employee says." Some employees had their workloads doubled, some had nothing to do. While the hack brought the company together at the beginning, it eventually descended into recriminations and lawsuits.

New IBM Tech Lets Apps Authenticate You Without Personal Data ( 27

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

Nearly 35,000 Comment On New Federal STEM OPT Extension Rule ( 55

theodp writes: Computerworld reports that the comments are in on the Department of Homeland Security's new proposed rule to extend OPT for international STEM students from 29 months to at least 36 months. The majority of the comments received by DHS support extending the program, CW notes, which is probably not surprising. Rather than choosing to "avoid the appearance of improper influence" by declining to respond to a "We the People" petition protesting a pending U.S. Federal judge's ruling that threatens to eliminate OPT STEM extensions altogether in February, the White House informed the 100k petition signers that they had the President's support, and pointed to the comment site for the proposed DHS OPT STEM rule workaround. Like the "We the People" petitioners, it's unclear whether the DHS commenters might represent corporate, university, and/or student interests, although a word cloud of the top 100 names of commenters (which accounted for 17,000+ comments) hints that international students are well-represented. By the way, in rejecting the 'emergency changes' that were enacted by DHS in 2008 to extend OPT for STEM students without public comment, Judge Ellen Huvelle said, "the 17-month duration of the STEM extension appears to have been adopted directly from the unanimous suggestions by Microsoft and similar industry groups."

Ransomware Expected To Hit 'Lifesaving' Medical Devices In 2016 ( 108

An anonymous reader writes: A surge in ransomware campaigns is expected to hit the medical sector in 2016, according to a recent report published by forecasters at Forrester Research. The paper 'Predictions 2016: Cybersecuirty Swings To Prevention' suggests that the primary hacking trend of the coming year will be "ransomware for a medical device or wearable," arguing that cybercriminals would only have to make mall modifications to current malware to create a feasible attack. Pacemakers and other vital health devices would become prime targets, with attackers toying with their stability and potentially threatening the victim with their own life should the ransom demands not be met.

How Anonymous' War With Isis Is Actually Harming Counter-Terrorism ( 391

retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hastags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.

CIOs Spend a Third of Their Time On Security ( 110

StewBeans writes: Much has been discussed about the potential security risks of an Internet of Things future in which billions of devices and machines are all talking to each other automatically. But the IoT market is exploding at a breakneck pace, leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late. In fact, some experts believe this issue will be what separates the winners from the losers, as security concerns either stop companies from getting into the IoT market, or delay existing IoT projects and leave the door open to swifter competition. That's likely why, according to CIO Magazine's annual survey, CIOs are spending a third of their time on security. Adam Dennison from CIO said, "If IT leaders want to embrace the sexy, new technologies they are hearing about today—the SMAC stack, third platform, Internet of Things, etc—security is going to be upfront and at the center of the discussion."

The History of SQL Injection, the Hack That Will Never Go Away ( 193

An anonymous reader writes with this history of SQL injection attacks. From the Motherboard article: "SQL injection (SQLi) is where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It's been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies. 'It's the most easy way to hack,' the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a 'few hours.' But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against. So why, in 2015, is SQLi still leading to some of the biggest breaches around?"

Whistleblowers: How NSA Created the 'Largest Failure' In Its History ( 118

An anonymous reader writes: Former NSA whistleblowers contend that the agency shut down a program that could have "absolutely prevented" some of the worst terror attacks in memory. According to the ZDNet story: "Weeks prior to the September 11 terrorist attacks, a test-bed program dubbed ThinThread was shut down in favor of a more expensive, privacy-invasive program that too would see its eventual demise some three years later -- not before wasting billions of Americans' tax dollars. Four whistleblowers, including a congressional senior staffer, came out against the intelligence community they had served, after ThinThread. designed to modernize the agency's intelligence gathering effort, was cancelled. Speaking at the premier of a new documentary film A Good American in New York, which chronicles the rise and demise of the program, the whistleblowers spoke in support of the program, led by former NSA technical director William Binney."

Blackberry Offers 'Lawful Device Interception Capabilities' ( 137

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.