
Data Storage

Bangladesh Considers Building World's 5th-largest Data Center In Earthquake Zone

Posted by samzenpus
from the whole-lot-of-shaking-going-on dept.
An anonymous reader writes with news about a government plan to build a Tier IV data center in an earthquake prone district of Bangladesh. The Bangladesh Ministry of Information is considering the establishment of a Tier 4 data centre in Kaliakair, in the Gazipur region, an ambitious build which would constitute the fifth largest data centre in the world, if completed. And if it survives – the site planned for the project is prone to earthquakes. Earthquake activity in the environs is discouraging, with one nearby earthquake seven months ago in Ranir Bazar (3.8), and no less than ten within the same tectonic zone over the last three years, the largest of which measured 4.5 on the Richter scale.
United States

Leaked Docs Reveal List of 30 Countries Hacked On Orders of FBI Informant Sabu 44

Posted by samzenpus
from the naming-names dept.
blottsie writes A Federal Bureau of Investigation informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now. A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries—including U.S. partners, such as the United Kingdom and Australia—tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks.
Security

Obama Administration Argues For Backdoors In Personal Electronics 436

Posted by samzenpus
from the let-us-in dept.
mi writes Attorney General Eric Holder called it "worrisome" that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”
IOS

iOS Trojan Targets Hong Kong Protestors 60

Posted by samzenpus
from the protect-ya-neck dept.
First time accepted submitter Kexel writes Security researchers have claimed to discover the first Apple iOS Trojan attack in a move to thwart the communications of pro-democracy Hong Kong activists. From the article: "The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday. They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon. It is unclear how iOS devices get infected with Xsser, which is not disguised as an app."
Communications

Back To Faxes: Doctors Can't Exchange Digital Medical Records 221

Posted by Soulskill
from the have-you-tried-paper-airplanes dept.
nbauman writes: Doctors with one medical records system can't exchange information with systems made by other vendors, including those at their own hospitals, according to the New York Times. One ophthalmologist spent half a million dollars on a system, but still needs to send faxes to get the information where it needs to go. The largest vendor is Epic Systems, Madison, WI, which holds almost half the medical records in the U.S. A report from RAND described Epic as a "closed" platform that made it "challenging and costly" for hospitals to interconnect.

The situation is bad for patients and costly for medical workers: if doctors can't exchange records, they'll face a 1% Medicare penalty, and UC Davis alone has a staff of 22 dedicated to communication. On top of that, Epic charges a fee to send data to some non-Epic systems. Congress has held hearings on the matter, and Epic has hired a lobbyist. Epic's founder, billionaire computer science major Judith Faulkner, said that Epic was one of the first to establish code and standards for secure interchange, which included user authentication provisions and a legally binding contract. She said the federal government, which gave $24 billion in incentive payments to doctors for computerization, should have done that. The Office of the National Coordinator for Health Information Technology said that it was a "top priority" and just recently wrote a 10-year vision statement and agenda for it.
Electronic Frontier Foundation

Hundreds of Police Agencies Distributing Spyware and Keylogger 69

Posted by Soulskill
from the you-can-trust-us dept.
realized sends this news from the EFF: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.

As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.
China

China Worried About Terrorist Pigeons 89

Posted by Soulskill
from the lesser-known-cousin-to-carrier-pigeons dept.
An anonymous reader writes: A pleasant event was planned for the 65th anniversary of the founding of the People's Republic of China. A ceremony at Tiananmen Square would release 10,000 pigeons at sunrise to symbolize an era of peace. Unfortunately, even symbols of peace can apparently remind people of violence. Chinese authorities searched all 10,000 pigeons for "dangerous materials," after the government was concerned they might be used for attacks. The pigeons' feathers were checked, and they were given a cavity search as well. The reports did not indicate what kind of "dangerous materials" these pigeons might be carrying. It's unclear whether any pigeons disclosed terror plots under interrogation.
Open Source

Linux Foundation Announces Major Network Functions Virtualization Project 40

Posted by Soulskill
from the building-future-tech dept.
Andy Updegrove writes: The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought.
Stats

Microsoft's Asimov System To Monitor Users' Machines In Real Time 263

Posted by timothy
from the all-persons-who-enter-herein dept.
SmartAboutThings writes Microsoft will monitor users in the new Windows 9 Operating System in order to determine how the new OS is used, and thus decide what tweaks and changes need to be made. During Windows 8 testing, Microsoft said that they had data showing Start Menu usage had dropped, but it seems that the tools they were using at the time weren't as evolved as the new 'Asimov' monitor. The new system is codenamed 'Asimov' and will provide a near real-time view of what is happening on users' machines. Rest assured, the data is going to be obscured and aggregated, but intelligible enough to allow Microsoft to get detailed insights into user interactions with the OS. Mary Jo Foley says that the system was originally built by the Xbox Team and now is being used by the Windows team. Users who will download the technical preview of Windows 9, which is said to get unveiled today, will become 'power users' who will utilize the platform in unique scenarios. This will help Microsoft identify any odd bugs ahead of the final release.
Bug

Apple Fixes Shellshock In OS X 163

Posted by timothy
from the that's-mac-os-x-to-you-buddy dept.
jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.
Security

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers 28

Posted by Soulskill
from the definitely-totally-detects-fbi-malware-totally-definitely dept.
Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses. Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.
Cloud

CloudFlare Announces Free SSL Support For All Customers 66

Posted by Soulskill
from the big-step-in-the-right-direction dept.
Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services, announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.
Encryption

Tor Executive Director Hints At Firefox Integration 115

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
Crime

CEO of Spyware Maker Arrested For Enabling Stalkers 194

Posted by Soulskill
from the reaping-what-you-sow dept.
An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."
Australia

Man Walks Past Security Screening Staring At iPad, Causing Airport Evacuation 214

Posted by samzenpus
from the paying-attention dept.
First time accepted submitter chentiangemalc writes While Australia is on "high alert" for terror threats a man walked past a Sydney Airport security screening while engrossed in his iPad and delayed flights for an hour. From the article: "This event was captured on CCTV and unnerved officials so much that they evacuated passengers. As the Sydney Morning Herald reported, the man found himself (or, perhaps, didn't) going into the terminal through an exit passage that clearly was convenient for him, but less convenient for the hordes of passengers who not only had to be removed from Terminal 3, but also re-screened. A spokeswoman for Qantas told the Morning Herald: 'The man disembarked a flight and left. It appears he wasn't paying attention, was looking at his iPad, forgot something and walked back past (the security area).'"
Security

Bash To Require Further Patching, As More Shellshock Holes Found 326

Posted by samzenpus
from the protect-ya-neck dept.
Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trivial to exploit. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.
Businesses

Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures? 97

Posted by samzenpus
from the a-little-help-please dept.
kyle11 writes I'm scratching my head at how to develop a decent wiki for a large organization I work in. We support multiple technologies, across multiple locations, and have ways of doing things that become exponentially convoluted. I give IT training to many of these users for a particular technology, and other people do for other stuff as well. Now, I hate wikis because everyone who did one before failed and gave them a bad name. If it starts wrong, it is doomed to failure and irrelevance.

What I'm looking for would be something like a Wiki with YouTube built in — make a playlist of videos with embedded links for certain job based tasks. And reuse and recycle those videos in other playlists of other tasks as they may be applicable. It would go beyond the actual IT we work with and would include things like, "Welcome to working in this department. Here are 20 videos detailing stupid procedures you need to go through to request access to customers' systems/networks/databases to even think about doing your job." I tried MediaWiki and Xwiki, and maybe I'm doing it wrong, but I can't seem to find a way to tweak them to YouTube-level simplicity for anyone to contribute to without giving up on the thing because it's a pain in the butt.

My only real requirement is that it not be cloud-based because it will contain certain sensitive information and I'd like it all to live on one virtual machine if at all possible. I can't be the only one with this problem of enabling many people to contribute and sort their knowledge without knowing how an HTML tag works, or copying files into something more complicated than a web browser. What approaches have any of you out there taken to trying to solve a similar problem?
Security

At CIA Starbucks, Even the Baristas Are Covert 241

Posted by samzenpus
from the secret-coffee dept.
An anonymous reader writes with this interesting story about what it's like to work at “Store Number 1,” the CIA's Starbucks. The new supervisor thought his idea was innocent enough. He wanted the baristas to write the names of customers on their cups to speed up lines and ease confusion, just like other Starbucks do around the world. But these aren't just any customers. They are regulars at the CIA Starbucks. "They could use the alias 'Polly-O string cheese' for all I care," said a food services supervisor at the Central Intelligence Agency, asking that his identity remain unpublished for security reasons. "But giving any name at all was making people — you know, the undercover agents — feel very uncomfortable. It just didn't work for this location."
Businesses

Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad? 158

Posted by samzenpus
from the to-show-them-or-not-to-show-them dept.
First time accepted submitter Mike Sheen writes I'm the lead developer for an Australian ERP software outfit. For the last 10 years or so we've been using Bugzilla as our issue tracking system. I made this publicly available to the degree that anyone could search and view bugs. Our software is designed to be extensible and as such we have a number of 3rd party developers making customization and integrating with our core product.

We've been pumping out builds and publishing them as "Development Stream (Experimental / Unstable)" and "Release Stream (Stable)", and this is visible on our support site to all. We had been also providing a link next to each build with the text showing the number of bugs fixed and the number of enhancements introduced, and the URL would take them to the Bugzilla list of issues for that milestone which were of type bug or enhancement.

This had been appreciated by our support and developer community, as they can readily see what issues are addressed and what new features have been introduced. Prior to us exposing our Bugzilla database publicly we produced a sanitized list of changes — which was time consuming to produce and I decided was unnecessary given we could just expose the "truth" with simple links to the Bugzilla search related to that milestone.

The sales and marketing team didn't like this. Their argument is that competitors use this against us to paint us as producers of buggy software. I argue that transparency is good, and beneficial — and whilst our competitors don't publish such information — but if we were to follow our competitors' practices we simply follow them in the race to the bottom in terms of software quality and opaqueness.

In my opinion, transparency of software issues provides:

Identification of which release or build a certain issue is fixed.
Recognition that we are actively developing the software.
Incentive to improve quality controls as our "dirty laundry" is on display.
Information critical to 3rd party developers.
A projection of integrity and honesty.

I've yielded to the sales and marketing demands such that we no longer display the links next to each build for fixes and enhancements (and now publish "Development Stream (Experimental / Unstable)" as simply "Development Stream") but I know what is coming next — a request to no longer make our Bugzilla database publicly accessible. I still have the Bugzilla database publicly exposed, but there is now no longer the "click this link to see what we did in this build".

A compromise may be to make the Bugzilla database only visible to vetted resellers and developers — but I'm resistant to making a closed "exclusive" culture. I value transparency and recognize the benefits. The sales team are insistent that exposing such detail is a bad thing for sales.

I know by posting in a community like Slashdot that I'm going to get a lot of support for my views, but I'm also interested in what people think about the viewpoint that such transparency could be a bad thing.
Graphics

NVIDIA Begins Requiring Signed GPU Firmware Images 189

Posted by Soulskill
from the always-looking-out-for-the-little-guy dept.
An anonymous reader writes: In a blow to those working on open-source drivers, soft-mods for enhancing graphics cards, and the Chinese knock-offs of graphics cards, NVIDIA has begun signing and validating GPU firmware images. With the latest-generation Maxwell GPUs, not all engine functionality is being exposed unless the hardware detects the firmware image was signed by NVIDIA. This is a setback to the open-source Nouveau Linux graphics driver but they're working towards a solution where NVIDIA can provide signed, closed-source firmware images to the driver project for redistribution. Initially the lack of a signed firmware image will prevent some thermal-related bits from being programmed but with future hardware the list of requirements is expected to rise.
