Slashdot: News for nerds, stuff that matters

Super-Privacy-Protecting ISP In the Planning 184

Posted by samzenpus on Wednesday April 11, 2012 @06:03PM
from the secret-surfing dept.

h00manist writes "Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests.' He is now planning an ISP which would be built from the ground up for privacy. Everything encrypted, maximum technical and legal resistance to information requests. Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project. Kickstarter-like IndieGoGo has a project page."

HP Ships Switches With Malware Infected Flash Cards 50

Posted by samzenpus on Wednesday April 11, 2012 @05:20PM
from the bad-switches dept.

wiredmikey writes "HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in a computer could result in the system being compromised. According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory. This issue once again brings attention to the security of the electronics supply chain, which has been a hot topic as of late."

Apple Developing Tool To Remove Flashback 212

Posted by Unknown Lamer on Wednesday April 11, 2012 @09:31AM
from the macs-can't-get-viruses dept.

Trailrunner7 writes, quoting Threatpost: "Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. ... Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."

Interview With TSA Screener Reveals 'Fatal Flaws' 582

Posted by Soulskill on Wednesday April 11, 2012 @08:12AM
from the my-toothpaste-is-not-a-deadly-weapon-you-jerks dept.

OverTheGeicoE writes "Jonathan Corbett, creator of the video showing that TSA's body scanners can't see metal objects on our sides, has a new video out. This time he's interviewing an experienced TSA screener identified only as 'Jennifer,' and her allegations point to 'fatal flaws' in TSA and its procedures. Worse, TSA's screeners are well aware of these flaws. According to Jennifer, body scanners frequently fail to detect objects on passengers, and this flaw is well known to the screeners on the job. People with visible items in their pockets can pass through scanners without detection, even when the items are simulated weapons or explosives. Jennifer also alleges that training for screeners is severely lacking. Screeners are directed to operate body scanners, even the X-ray scanners, without any training whatsoever. The manual of standard operating procedures often can't be found at the checkpoints, let alone read. Jennifer was so alarmed by what she experienced that she wrote her congressional representative to complain. She was ultimately fired as a result, effective yesterday."

McAfee Claims Successful Insulin Pump Attack 196

Posted by Soulskill on Tuesday April 10, 2012 @06:10PM
from the as-if-we-needed-more-biological-vulnerabilities dept.

judgecorp writes "Intel security subsidiary McAfee has claimed a successful wireless attack on insulin pumps that diabetics rely on to control blood sugar. While previous attempts to attack insulin pumps have met with mixed success, McAfee's Barnaby Jack says he has persuaded an insulin pump to deliver 45 days worth of insulin in one go, without triggering the pump's vibrating alert safety feature. All security experts still say that surgical implants are a benefit overall."

Apple Snubs Security Firm That Spotted Mac Botnet 409

Posted by Soulskill on Tuesday April 10, 2012 @01:48PM
from the doesn't-play-well-with-others dept.

Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"

MythTV 0.25 Released, New HW Acceleration and Audio Standards Support 144

Posted by timothy on Tuesday April 10, 2012 @12:43PM
from the now-that's-some-conservative-numbering dept.

unts writes "The highly configurable Linux PVR, MythTV, has reached the 0.25 release, over 500 days after the previous full release. New features include VAAPI support, E-AC3, TrueHD, and DTS-HD audio, the ability to control other home entertainment devices via HDMI CEC and additions to the API to allow HTTP live streaming. The release notes for 0.25 don't reflect the release status at the time of writing, but should contain most of the relevant changes. MythTV can be used as a backend (recorder) and frontend (viewer), but can also feed other frontends such as appropriate versions of XBMC. Hopefully the new HTTP streaming API will lead to even more ways to get your video fix."

Medicaid Hack Update: 500,000 Records and 280,000 SSNs Stolen 64

Posted by timothy on Tuesday April 10, 2012 @09:24AM
from the needs-more-government-regulation dept.

An anonymous reader writes "Utah's Medicaid hack estimate has grown a second time. This time we have gone from over 180,000 Medicaid and Children's Health Insurance Plan (CHIP) recipients having their personal information stolen to a grand total of 780,000. More specifically, the state now says approximately 500,000 victims had sensitive personal information stolen and 280,000 victims had their Social Security numbers (SSNs) compromised."

Heartland Security Breach Class Action: Victims $1925, Lawyers $600,000 163

Posted by Unknown Lamer on Tuesday April 10, 2012 @08:03AM
from the not-sure-why-timothy-came-back-to-slashdot dept.

Fluffeh writes "Back in 2007, Heartland had a security breach that resulted in a 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"

FBI Says American Universities Infiltrated by Spies 418

Posted by Unknown Lamer on Tuesday April 10, 2012 @05:05AM
from the cold-war-2.0 dept.

An anonymous reader writes, using various bits of the article: "While most international students, researchers and professors come to the U.S. for legitimate reasons, universities are an 'ideal place' for foreign intelligence services 'to find recruits, propose and nurture ideas, learn and even steal research data, or place trainees,' according to a 2011 FBI report. Tretyakov was quoted as saying, 'We often targeted academics because their job was to share knowledge and information by teaching it to others, and this made them less guarded than, say, UN diplomats.' China has 'lots of students who either are forced to or volunteer to collect information,' he said. 'I've heard it said, "If it wanted to steal a beach, Russia would send a forklift. China would send a thousand people who would pick up a grain of sand at a time."' China also has more than 3,000 front companies in the U.S. 'for the sole purpose of acquiring our technology,' said former CIA officer S. Eugene Poteat."

FBI Says Smart Meter Hacks Are Likely To Spread 189

Posted by Soulskill on Monday April 09, 2012 @01:50PM
from the ignorance-is-bliss dept.

tsu doh nimh writes "A series of hacks perpetrated against so-called 'smart meter' installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in cyber intelligence bulletin first revealed today. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology."

IT Calls of Shame 256

Posted by samzenpus on Monday April 09, 2012 @12:50PM
from the is-your-screen-on? dept.

snydeq writes "InfoWorld's JR Raphael offers up six memorable tales of trouble and triumph from the tech support desk. 'Working in tech support is a bit like teaching preschool: You're an educator who provides reassurance in troubling times. You share knowledge and help others overcome their obstacles. And some days, it feels like all you hear is screaming, crying, and incoherent babble.' Pronoun problems, IT ghosts, the runaway mouse — when it comes to computers, the customer isn't always right."

SMS-Controlled Malware Hijacking Android Phones 94

Posted by samzenpus on Monday April 09, 2012 @12:28PM
from the Taking-over dept.

wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"

Company Designs "Big Brother Chip" 166

Posted by samzenpus on Monday April 09, 2012 @08:52AM
from the me-and-my-shadow dept.

Taco Cowboy writes "Here comes a chip that can pinpoint you in-door and out, it can even tell others on which floor of a building you are located. It's the Broadcom 4752 chip. It takes signals from global navigation satellites, cell phone towers, and Wi-Fi hot spots, coupled with input from gyroscopes, accelerometers, step counters, and altimeters The company calls abilities like this 'ubiquitous navigation,' and the idea is that it will enable a new kind of e-commerce predicated on the fact that shopkeepers will know the moment you walk by their front door, or when you are looking at a particular product, and can offer you coupons at that instant."

Mercedes Can Now Update Car Software Remotely 228

Posted by timothy on Monday April 09, 2012 @05:03AM
from the new-context-for-blackmail dept.

MatthewVD writes "Our cars run millions of lines of code that need constant and, often, critical updates. Jim Motavalli writes that Mercedes-Benz's new mbrace2 'cloud infotainment system' has a secret capability: it can update software automatically and wirelessly. In a process called 'reflashing,' the Mercedes system turns on the car operating system (CU), downloads the new application, then cuts itself off. With companies like Fisker paying dearly for constant recalls for software problems, automakers will likely rush to embrace this technology. No more USBs in the dashboard!"

2010	Conservative Textbook Curriculum Passes Final Vote In Texas	895 comments
2006	Gonzales Says Publishing Leaks Is A Crime	889 comments
2005	Review: Star Wars Episode III	1265 comments
2003	Computing's Lost Allure	822 comments
2002	A First Look at Netscape 7	714 comments