Security

Ask Slashdot: Best Biometric Authentication System? 40

Posted by samzenpus
from the eyes-have-it dept.
kwelch007 writes I run a network for a company that does manufacturing primarily in a clean-room. We have many systems in place that track countless aspects of every step. However, we do not have systems in place to identify the specific user performing the step. I could do this easily, but asking users to input their AD login every time they perform a task is a time-waster (we have "shared" workstations throughout.) My question is, what technologies are people actually using successfully for rapid authentication? I've thought about fingerprint scanners, but they don't work because in the CR we have to wear gloves. So, I'm thinking either face-recognition or retinal scans...but am open to other ideas if they are commercially viable.
Transportation

Auto Industry Teams Up With Military To Stop Car Hacking 90

Posted by Soulskill
from the feel-free-to-stay-on-top-of-that dept.
An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.
Data Storage

Is LTO Tape On Its Way Out? 262

Posted by Soulskill
from the IT-no-longer-caught-on-tape dept.
storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increasingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

"If multiple vendors invest in a technology, it has a good chance of winning over the long haul," writes Newman, a long-time proponent of tape technology. "If multiple vendors have a technology they're not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market."
Security

The People Who Are Branding Vulnerabilities 60

Posted by Soulskill
from the it's-marketing-all-the-way-down dept.
antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red-headed stepchildren" — despite the fact that each of these vulns is a critical issue, some are worse than Heartbleed, and all of them needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.
Sony

Sony Pictures Computer Systems Shut Down After Ransomware Hack 153

Posted by Soulskill
from the try-long-enough-and-you-find-a-soft-target dept.
MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.
IT

Big IT Vendors Mostly Mum On Commercial Drone Plans 22

Posted by Soulskill
from the playing-possum dept.
alphadogg writes: Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it's really hard to tell what they think because they're keeping any plans in this field very hush-hush. More consumer oriented companies like Amazon, Facebook, and Google are active, but companies like IBM and HP are quiet, while Microsoft affirms it has nothing doing. A former FAA lawyer says sitting on the sidelines even during this unsure regulatory period is probably not a great idea. "I have a hard time believing they don't have some sort of programs in place," attorney Mark Dombroff says.
Security

Regin Malware In EU Attack Linked To US and British Intelligence Agencies 126

Posted by samzenpus
from the guess-who dept.
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
United States

DHS Set To Destroy "Einstein" Surveillance Records 70

Posted by samzenpus
from the nothing-to-see-here dept.
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.
Books

Book Review: Bulletproof SSL and TLS 88

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes: If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Businesses

LinkedIn Study: US Attracting Fewer Educated, Highly Skilled Migrants 320

Posted by samzenpus
from the best-and-brightest dept.
vinces99 writes The U.S. economy has long been powered in part by the nation's ability to attract the world's most educated and skilled people to its shores. But a new study of the worldwide migration of professionals to the U.S. shows a sharp drop-off in its proportional share of those workers – raising the question of whether the nation will remain competitive in attracting top talent in an increasingly globalized economy. The study, which used a novel method of tracking people through data from the social media site LinkedIn, is believed to be the first to monitor global migrations of professionals to the U.S., said co-author Emilio Zagheni, a University of Washington assistant professor of sociology and fellow of the UW eScience Institute. Among other things, the study, presented recently in Barcelona, Spain, found that just 13 percent of migrating professionals in the sample group chose the U.S. as a destination in 2012, down from 27 percent in 2000.
Security

Nuclear Weapons Create Their Own Security Codes With Radiation 104

Posted by samzenpus
from the missile-protect-thyself dept.
Zothecula writes: Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering.
Security

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years 141

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.
Spam

Profanity-Laced Academic Paper Exposes Scam Journal 134

Posted by Soulskill
from the start-building-your-resume dept.
Frosty P writes: A scientific paper titled "Get Me Off Your F****** Mailing List" was actually accepted by the International Journal of Advanced Computer Technology. As reported at Vox and other web sites, the journal, despite its distinguished name, is a predatory open-access journal. These sorts of low-quality journals spam thousands of scientists, offering to publish their work for a fee. In 2005, computer scientists David Mazières and Eddie Kohler created this highly profane ten-page paper as a joke, to send in replying to unwanted conference invitations. It literally just contains that seven-word phrase over and over, along with a nice flow chart and scatter-plot graph. More recently, computer scientist Peter Vamplew sent it to the IJACT in response to spam from the journal, and the paper was automatically accepted with an anonymous reviewer rating it as "excellent," and requested a fee of $150. Over the years, the number of these predatory journals has exploded. Jeffrey Beall, a librarian at the University of Colorado, keeps an up-to-date list of them to help researchers avoid being taken in; it currently has 550 publishers and journals on it.
The Military

Ukraine's IT Brigade Supports the Troops 140

Posted by Soulskill
from the revenge-of-the-nerds dept.
An anonymous reader sends this story from BusinessWeek: Eight months ago, David Arakhamiya was running a small IT company in the southern Ukrainian city of Mykolayiv. Today, as an adviser to Ukraine’s defense minister, he oversees a massive crowdfunding effort that since March has raised about $300 million from ordinary citizens. The money is being used to equip Ukraine’s army with everything from uniforms, water, and other basic supplies to high-tech gear such as reconnaissance drones. Yaroslav Markevich, another IT entrepreneur with a small company in Kharkiv, once a Soviet hub for aviation technology, presented a plan to the commander of one Ukrainian battalion to create a drone unit after hearing stories about the efficiency of Russian drones. The commander said yes, and by the time his battalion was deployed early this summer, it was the only one in the army equipped with a fleet of short- and long-range drones. ... IT experts across Ukraine have been an important part of the volunteer effort to supply the army with equipment.
AT&T

Some Early Nexus 6 Units Returned Over Startup Bug 39

Posted by timothy
from the radiation-from-the-offworld-colonies dept.
The Register reports that Motorola has issued a recall for an early batch of its hotly anticipated new Nexus 6 smartphones that were sold through U.S. mobile carrier AT&T, owing to a software glitch that can reportedly cause the devices to boot to a black screen. ... AT&T retail stores have reportedly been told to return their existing inventory of the Nexus 6 and wait for new units to arrive from Motorola, which has already corrected the problem on its assembly line. Any customer who brings a defective unit into an AT&T store will receive a replacement. Motorola's memo to stores says that only initial shipments were affected, and that the problem has been identified. However, as the article mentions, there's thus far less luck for those like me who've found that at least some original Nexus 7 tablets do not play nicely with Lollipop. (The effects look nice, but it's never a good sign to see "System UI isn't responding. Do you want to close it?" on a tablet's screen.)
Open Source

Critical XSS Flaws Patched In WordPress and Popular Plug-In 40

Posted by timothy
from the switch-to-slashcode dept.
itwbennett writes The WordPress development team on Thursday released critical security updates that address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments. 'In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,' said Jouko Pynnonen, the security researcher who found the flaw.
Encryption

Another Hint For Kryptos 50

Posted by timothy
from the it's-about-where-to-get-local-donuts dept.
rastos1 writes: Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley, revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock."
United States

Greenwald Advises Market-Based Solution To Mass Surveillance 156

Posted by samzenpus
from the you-get-what-you-demand dept.
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Bitcoin

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins 46

Posted by timothy
from the sometimes-the-good-guys-win dept.
An anonymous reader writes: The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value on its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)
Supercomputing

Does Being First Still Matter In America? 246

Posted by timothy
from the by-jingo dept.
dcblogs writes: At the supercomputing conference, SC14, this week, a U.S. Dept. of Energy official said the government has set a goal of 2023 as its delivery date for an exascale system. It may be taking a risky path with that amount of lead time because of increasing international competition. There was a time when the U.S. didn't settle for second place. President John F. Kennedy delivered his famous "we choose to go to the moon" speech in 1962, and seven years later a man walked on the moon. The U.S. exascale goal is nine years away. China, Europe and Japan all have major exascale efforts, and the government has already dropped on supercomputing. The European forecast of Hurricane Sandy in 2012 was so far ahead of U.S. models in predicting the storm's path that the National Oceanic and Atmospheric Administration was called before Congress to explain how it happened. It was told by a U.S. official that NOAA wasn't keeping up in computational capability. It's still not keeping up. Cliff Mass, a professor of meteorology at the University of Washington, wrote on his blog last month that the U.S. is "rapidly falling behind leading weather prediction centers around the world" because it has yet to catch up in computational capability to Europe. That criticism followed the recent $128 million purchase of a Cray supercomputer by the U.K.'s Met Office, its meteorological agency.