Trailrunner7 writes "Controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters' sites. Targets included WikiLeaks' news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality. A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. 'Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.'"
Slashdot is powered by your submissions, so send in your scoop
An anonymous reader writes "Researchers at Kaspersky Lab are asking the public for help in cracking an encrypted warhead that gets delivered to infected machines by the recently discovered Gauss malware toolkit. They're publishing encrypted sections and hashes in the hope that cryptographers will be able to help them out." Adds reader DavidGilbert99: "The so-called Godel module is targeting a specific machine with specific system configurations, and Kaspersky believes the victim is likely a high-profile target. The decryption key, Kaspersky believes, will be derived from these specific system configurations, and so far it has been unable to find out what they are."
An anonymous reader writes "I have been assigned the task of finding a software package to automate the management of grades in a high school. It does not need to be a complete system, but rather just manage grading calculations and printing of report cards. The management of grades is currently done using spreadsheets. What are some open source options to handle this situation?"
In the wake of the hacking of Mat Honan's accounts, Google, Facebook, Amazon, and Apple are just a few of the companies making their security policies tougher, and they are advising people to do the same. From the article: "Even as those companies’ teams moved to patch the holes, others moved to offer security tips. Matt Cutts, head of Google’s Webspam team, used his personal Website to urge Gmail users to embrace two-factor authentication. 'Much of the story is about Amazon or Apple’s security practices, but I would still advise everyone to turn on Google’s two-factor authentication to make your Gmail account safer and less likely to get hacked,' he wrote in the August 6 posting."
zacharye writes "In the five years since Apple launched the iPhone, the popular device has gone from a malicious hacker's dream to law enforcement's worst nightmare. As recounted by the Massachusetts Institute of Technology's Technology Review blog, a Justice Department official recently took the stage at the DFRWS computer forensics conference in Washington, D.C. and told attendees that the beefed up security in iOS is now so good that it has become a nightmare for law enforcement."
theodp writes "The NYT's Steve Lohr reports that his has been the crossover year for Big Data — as a concept, term and marketing tool. Big Data has sprung from the confines of technology circles into the mainstream, even becoming grist for Dilbert satire ('Big Data lives in The Cloud. It knows what we do.'). At first, Jim Davis, CMO at analytics software vendor SAS, viewed Big Data as part of another cycle of industry phrasemaking. 'I scoffed at it initially,' Davis recalls, noting that SAS's big corporate customers had been mining huge amounts of data for decades. But as the vague-but-catchy term for applying tools to vast troves of data beyond that captured in standard databases gained world-wide buzz and competitors like IBM pitched solutions for Taming The Big Data Tidal Wave, 'we had to hop on the bandwagon,' Davis said (SAS now has a VP of Big Data). Hey, never underestimate the power of a meme!"
Jeremiah Cornelius writes with a note that on Thursday of this week "The Electronic Privacy Information Center posted a brief and detailed notice about the removal of a petition regarding security screenings by the TSA at US airports and other locations. 'At approximately 11:30 am EDT, the White House removed a petition about the TSA airport screening procedures from the White House 'We the People' website. About 22,500 of the 25,000 signatures necessary for a response from the Administration were obtained when the White House unexpectedly cut short the time period for the petition. The site also went down for 'maintenance' following an article in Wired that sought support for the campaign."
wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed "Titan", the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."
An anonymous reader writes "As we (very gradually) move away from feudal, leader-based forms of governance to collaborative and open source governance, some interesting new issues arise. The biggest is usually user authentication: how can we avoid sock-puppets and spammers from overtaking the voting process? Enter the concept of the streetwiki, an ingenious system for having humans validate their physical neighbors. Bleeding-edge social organization meets ancient validation protocol."
SternisheFan snips this news from Tech Radar: "The Surface tablets that Microsoft will start selling on 26 October at Microsoft Stores (and in temporary 'holiday stores' in twelve US cities including New York) are only the first of a planned family of Windows devices and Surface 2.0 is already under development. Although Microsoft corporate communications chief Frank Shaw said recently that calling Surface 'our new family of PCs built to be the ultimate stage for Windows' was no more than 'literary licence' and that there was nothing more than the two tablets already announced, the Surface team is 'currently building the next generation' of 'devices that fully express the Windows vision' — according to more than a dozen job adverts posted on the Microsoft Careers site between June and August."
New submitter rabok writes "If a Microsoft job posting can be believed, we are set to get a new Xbox on store shelves by March 2014 at the latest. Regardless of when it does eventually arrive, it seems an image claiming to be the output of a Kinect 2 has hit the web by a user on twitter. Kinect 2 is expected to be much more accurate — even able to see individual fingers, read lips, and gauge moods. This image seems to back up that improvement in both depth perception and the ability to distinguish individual fingers."
An anonymous reader writes "I know most people use backup services in the cloud now, off-site, but does anyone have good ideas on how to best protect data without it leaving the site? I'm a photographer and, I shoot 32GB to 64GB in a couple of hours. I've accumulated about 8TB of images over the past decade and just can't imagine paying to host them somewhere off-site. I don't make enough money as it is. Currently I just redundantly back them up to hard drives in different rooms of my house, but that's a total crapshoot — if there's a fire, I'd be out of luck. Does anyone keep a hard disk or NAS inside a fireproof safe? In a bunker in the cellar? In the detached garage? It's so much data that even doing routine backups bogs the system down for days. I'd love suggestions, especially from gamers or videographers who have TBs of data they need to back up, on what options there are with a limited budget to maximize protection."
OverTheGeicoE writes "Why is it that airport security never seems to change in the United States? Perhaps it's because most Americans think the TSA is doing a 'good job,' according to a surprise Gallup poll, allegedly commissioned by no one but the kind editors at Gallup. The poll found that 54% of Americans believe the TSA is doing a good or excellent job, and that 57% have a good or excellent opinion of the agency. So why all the criticism? According to the article, criticism of the TSA comes primarily from 'Internet sites, where reporting standards are generally not at the same level as newspapers, where reporters are taught to consider what is told to them with skepticism and to seek responses to charges.' Furthermore, 'the TSA is put into a difficult situation when such charges are posted with little or no fact checking by reporters.' Other sources, of course, have different interpretations of Gallup's results, including questions about whether the poll was biased. If Americans secretly do love the TSA, that could explain why the recent whitehouse.gov petition failed to gather enough signatures for a 'response.' In fact, you'll find so little information about the petition remains on whitehouse.gov that you'll wonder if my link is correct. And these are not the droids you're looking for. Move along."
CowboyRobot writes "Last week, a bug in high-frequency trading software from Knight Capital Group resulted in erroneous trades costing almost a half-billion dollars. So, what went wrong and how can they, or any other software developer, prevent something similar from happening again? In hindsight, it's clear that the developers did not verify the code under enough conditions. But the real issue is how these high-frequency trades work in the first place. Robert Dewar at Dr. Dobb's suggests the financial industry needs to take a page from the avionics rulebook, which has very strict guidelines about what code can be implemented due to the high cost of failure in that field. 'High-frequency automated trading is not avionics flight control, but the aviation industry has demonstrated that safe, reliable real-time software is possible, practical, and necessary. It requires appropriate development technology and processes as well as a culture that thinks in terms of safety (or reliability) first. That is the real lesson to be learned from last week's incident. It doesn't come for free, but it certainly costs less than $440M.'"