Education

NJ School District Hit With Ransomware-For-Bitcoins Scheme 138

Posted by timothy
from the so-is-there-a-downside? dept.
An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.
Networking

Facebook Engineering Tool Mimics Dodgy Network Connectivity 60

Posted by Soulskill
from the open-source-tools-for-pranks dept.
itwbennett writes: Facebook has released an open source application called Augmented Traffic Control that can simulate the connectivity of a cell phone accessing an app over a 2G, Edge, 3G, or LTE network. It can also simulate weak and erratic WiFi connections. The simulations can give engineers an estimate of how long it would take a user to download a file, for instance, given varying network connections. It can help engineers re-create problems that crop up only on very slow networks.
Security

How 'The Cloud' Eats Away at Your Online Privacy (Video) 82

Posted by Roblimo
from the it-seems-the-network-is-the-computer-after-all dept.
Tom Henderson, Principal Researcher at ExtremeLabs Inc., is not a cloud fan. He is a staunch privacy advocate, and this is the root of his distrust of companies that store your data in their memories instead of yours. You can get an idea of his (dis)like of vague cloud privacy protections and foggy vendor service agreements from the fact that his Network World column is called Thumping the Clouds. We called Tom specifically to ask him about a column entry titled The downside to mass data storage in the cloud.

Today's video covers only part of what Tom had to say about cloud privacy and information security, but it's still an earful and a half. His last few lines are priceless. Watch and listen, or at least read the transcript, and you'll see what we mean.
Communications

Internet of Things Endangered By Inaccurate Network Time, Says NIST 166

Posted by Soulskill
from the turn-left-in-+/-3-minutes dept.
An anonymous reader writes: Current standards of network timekeeping are inadequate to some of the critical systems that are being envisaged for the Internet of Things, according to a report (PDF) by the National Institute of Standards and Technology (NIST). The report says, "A new economy built on the massive growth of endpoints on the internet will require precise and verifiable timing in ways that current systems do not support. Applications, computers, and communications systems have been developed with modules and layers that optimize data processing but degrade accurate timing." NIST's Chad Boutin likens current network accuracy to an attempt to synchronize watches via the postal system, and suggests that remote medicine and self-driving cars will need far higher standards in order not to put lives at risk. He says, "modern computer programs only have probabilities on execution times, rather than the strong certainties that safety-critical systems require."
United Kingdom

UK's GCHQ Admits To Using Vulnerabilities To Hack Target Systems 57

Posted by timothy
from the but-we're-your-friends dept.
Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."
The Almighty Buck

Global Learning XPRIZE Senior Director Matt Keller Answers Your Questions 4

Posted by samzenpus
from the here-they-are dept.
A couple of weeks ago you had a chance to ask former Vice President of One Laptop per Child, and current Senior Director of the Global Learning XPRIZE Matt Keller about education and the competition. The XPRIZE challenges teams from around the world to develop open source software that will allow children in developing countries to teach themselves basic reading, writing and arithmetic with a Grand Prize of $10 million. Below you will find his answers to your questions.
Security

Ex-NSA Researcher Claims That DLL-Style Attacks Work Just Fine On OS X 93

Posted by timothy
from the it's-a-feature dept.
An anonymous reader writes Ex-NSA and NASA researcher Patrick Wardle claims to have developed a reliable technique of Shared Library replacement which renders Apple's OSX operating system just as vulnerable to exploitation as Windows has been (via its 'DLL' shared libraries) for years. Speaking at CanSecWest, Wardle explained that Apple's refusal to encrypt software downloads via its App Store allows an attacker on the same network to inject a malicious 'dylib' (shared library) without altering the hash of the legitimate-but-vulnerable software, thereby leaving the Developer ID signature intact. Wardle ran a crafted Python script on a typical Mac and discovered 150 dylib-dependent applications, including Apple's own Xcode developer environment — revealed last week by Edward Snowden to be a priority target for the NSA due to its ability to propagate compromised software.
Facebook

Nipples, Terrorism, and Sexual Descriptions - Facebook's List of Banned Content 134

Posted by samzenpus
from the standards-and-practices dept.
Mark Wilson writes Facebook has updated its Community Standards document, outlining the type of content that is not permitted on the social network. When it's not forcing people to reveal their real names, blocking 'offensive' content, or encouraging users to vote, Facebook is often to be found removing content that has been reported for one reason or another. But what's acceptable, and what's not? A little while back, the site revealed a simplified version of its privacy policy, and now the Community Standards document has received the same treatment. Facebook has set out the types of pictures that are permissible, along with specifying guidelines for other content.
Blackberry

BlackBerry's Latest Experiment: a $2,300 'Secure' Tablet 95

Posted by Soulskill
from the for-people-who-think-high-end-tablets-are-too-cheap dept.
An anonymous reader writes: After missing the boat on smartphones, BlackBerry has been throwing everything they can at the wall to see what sticks. From making square phones to insisting users want physical keyboards, their only standard is how non-standard they've become. Now they're expanding this strategy to the tablet market with a security-centric tablet that costs $2,300. And they're not doing it alone — the base device is actually a Samsung Galaxy Tab S 10.5. The tablet runs Samsung Knox boot tech, as well as software from IBM and encryption specialist Secusmart (which BlackBerry recently purchased). The device will be targeted at businesses and organizations who have particular need for secure devices.

"Organizations deploying the SecuTablet will be able to set policies controlling what apps can run on the devices, and whether those apps must be wrapped, said IBM Germany spokesman Stefan Hefter. The wrapping process—in which an app is downloaded from a public app store, bundled with additional libraries that encrypt its network traffic and intercept Android 'intents' for actions such as cutting or pasting data, then uploaded to a private app store—ensures that corporate data can be protected at rest, in motion and in use, he said. For instance, it can prevent data from a secure email being copied and pasted into the Facebook app running on the same device—yet allow it to be pasted into a secure collaboration environment, or any other app forming part of the same 'federation,' he said."
Crime

Wikipedia Entries On NYPD Violence Get Some Edits From Headquarters 135

Posted by timothy
from the trust-the-police dept.
First reported by Capital, and picked up by Reason, it seems that "Computers operating on the New York Police Department’s computer network at its 1 Police Plaza headquarters have been used to alter Wikipedia pages containing details of alleged police brutality." Computer users identified by Capital as working on the NYPD headquarters' network have edited and attempted to delete Wikipedia entries for several well-known victims of police altercations, including entries for Eric Garner, Sean Bell, and Amadou Diallo. Capital identified 85 NYPD addresses that have edited Wikipedia, although it is unclear how many users were involved, as computers on the NYPD network can operate on the department’s range of IP addresses. Besides edits to entries about specific instances of misconduct, edits from the same NYPD IP blocks were discovered in Wikipedia entries about the city's stop-and-frisk program and about NYPD misconduct more generally.
Programming

NTP's Fate Hinges On "Father Time" 287

Posted by samzenpus
from the time-will-tell dept.
Esther Schindler writes In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point, writes Charlie Babcock. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks? Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.
The Internet

SpaceX Worried Fake Competitors Could Disrupt Its Space Internet Plan 115

Posted by Soulskill
from the give-us-all-the-spectrum dept.
Jason Koebler writes: The biggest impediment to SpaceX's plan to create a worldwide, satellite broadband network might not be the sheer technological difficulty of putting 4,000 satellites into space. Instead, outdated international and domestic regulations on satellite communications could stand in the way, according to a new Federal Communications Commission filing by the company. The company's attorneys wrote that the FCC might make it too easy for competitors to reserve communications bandwidth that they will never use. "Spectrum warehousing can be extremely detrimental and unprepared, highly speculative, or disingenuous applicants must be prevented from pursuing 'paper satellites' (or 'paper constellations'), which can unjustly obstruct and delay qualified applicants from deploying their systems."
Communications

GSM/GPS Tracking Device Found On Activist's Car At Circumvention Tech Festival 143

Posted by timothy
from the just-can't-catch-a-break-with-you-people dept.
vivaoporto writes A GSM/GPS tracking device was found this March 4 on an activist's car attending the Circumvention Tech Festival in Valencia, Spain, a festival that proposes to gather "the community fighting censorship and surveillance for a week of conferences, workshops, hackathons, and social gatherings, featuring many of the Internet Freedom community's flagship events." They are now asking the internet tech community for help in order to identify the device. Below verbatim is the plea for help published on the Tor Project website. The fine article also contains pictures of the device.

"On March 4th, 2015, we found a tracking device inside of the wheel well of a car belonging to an attendee of the Circumvention Tech Festival in Valencia, Spain. This was reported in the local media.

If you have information about this device — please send information to jacob at appelbaum dot net using gpg.

The device was magnetically mounted inside of the left wheel well of the car. The battery is attached by cable to the tracking device. The battery was magnetically mounted to the frame of the car. The tracking device was similarly magnetically mounted. The device itself has an external magnetically mounted GPS antenna. It has a very simple free hanging GSM antenna. The device included a Movistar SIM card for GSM network access. The entire device was wrapped in black tape."
Security

Anthem Blocking Federal Auditor From Doing Vulnerability Scans 116

Posted by samzenpus
from the suspicious-behavior dept.
chicksdaddy writes Anthem Inc., the Indiana-based health insurer, has informed a federal auditor, the Office of Personnel Management, that it will not permit vulnerability scans of its network — even after acknowledging that it was the victim of a massive breach that leaked data on tens of millions of patients. According to this article, Anthem is citing "company policy" that prohibits third party access to its network in declining to let auditors from OPM's Office of the Inspector General (OIG) conduct scans for vulnerable systems. OPM's OIG performs a variety of audits on health insurers that provide health plans to federal employees under the Federal Employee Health Benefits Program, or FEHBP. Insurers aren't mandated to comply — though most do. This isn't Anthem's first time saying "no thanks" to the offer of a network vulnerability scan. The company also declined to let OIG scan its network in 2013. A partial audit report issued at the time warned that the company, then known as WellPoint, "provided us with conflicting statements" on issues related to information security, including WellPoint's practices regarding regular configuration audits and its plans to shift to IBM's Tivoli Endpoint Manager (TEM) platform.
Wireless Networking

Flaw In GoPro Update Mechanism Reveals Users' Wi-Fi Passwords 35

Posted by timothy
from the oopsie dept.
An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, but in order to do so the user has to connect to the camera's Wi-Fi network. Israel-based infosec expert Ilya Chernyakov discovered the flaw when he had to access the network of a friend's camera, but the friend forgot the login credentials.
Crime

Police Could Charge Data Center Operators In the Largest Child Porn Bust Ever 199

Posted by Soulskill
from the enforcing-due-diligence dept.
sarahnaomi sends this report from Motherboard: Canadian police say they've uncovered a massive online file sharing network for exploitative material that could involve up to 7,500 users in nearly 100 countries worldwide. But unlike past investigations into the distribution of child porn, which typically involve targeting suspects individually, police have instead seized over 1.2 petabytes of data ... from a data center responsible for storing the material, and may even attempt to lay criminal charges against its operators, too.

"What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material," Scott Tod, Deputy Commissioner of the Ontario Provincial Police (OPP), told Motherboard at a conference late last month, after speaking to a crowd of defense specialists. "They store it and they provide a secure website that you can log into, much like people do with illegal online gaming sites."
Google

Google Prepares To Enter Wireless Market As an MVNO 43

Posted by samzenpus
from the trying-something-different dept.
jfruh writes Google is getting into the wireless connectivity business, but that doesn't mean you'll be able to use them as your wireless connectivity provider any time soon. The company isn't building its own cell network, but will rather be a "mobile virtual network operator" offering services over existing networks. Google says it won't be a full-service mobile network in competition with existing carriers; instead, the MVNO will offer a platform through which it can experiment with new services for Android smartphones.
Government

Feds Admit Stingray Can Disrupt Bystanders' Communications 194

Posted by samzenpus
from the you're-breaking-up dept.
linuxwrangler writes The government has fought hard to keep details about use and effects of the controversial Stingray device secret. But this Wired article points to recently released documents in which the government admits that the device can cause collateral damage to other network users. The controversy has heated to the point that Florida senator Bill Nelson has made statements that such devices will inevitably force lawmakers to come up with new ways to protect privacy — a comment that is remarkable considering that the Stingray is produced by Harris Corporation which is headquartered in Nelson's home state.
Music

Ultra-Low Power Radio Transceiver Enables Truly Wireless Earbuds 110

Posted by samzenpus
from the all-the-better-to-hear-you-with dept.
First time accepted submitter irl_4795 writes At Mobile World Congress in Barcelona NXP Semiconductors will demonstrate Near Field Magnetic Induction technology in a truly wireless earbud including wireless audio streaming from ear to ear. From the article: "The wireless technology being used to enable truly wireless earbuds is based on Near Field Magnetic Induction (NFMI). NFMI features important properties such as ultra-low power consumption and the ability to create a very reliable network in and around the human body, with both high-quality audio and data streaming supported over small distances. An additional integration advantage is also that it requires few external components. NFMI is a short range technology and as such also creates a private network, making it much less susceptible to interference than 2.4 GHz transceivers."
Security

Pharming Attack Targets Home Router DNS Settings 39

Posted by samzenpus
from the protect-ya-neck dept.
msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.