Hugh Pickens writes "John Markoff writes that an unsuccessful campaign against the Vatican by Anonymous, which did not receive wide attention at the time, provides a rare glimpse into the recruiting, reconnaissance, and warfare tactics used by the shadowy hacking collective and may be the first end-to-end record of a full Anonymous attack. The attack, called Operation Pharisee in a reference to the sect that Jesus called hypocrites, was initially organized by hackers in South America and Mexico and was designed to disrupt Pope Benedict XVI's visit to Madrid in August 2011 for World Youth Day and draw attention to child sexual abuse by priests. First the hackers spent weeks spreading their message through their own website and social sites like Twitter and Flickr calling on volunteers to download free attack software and imploring them to 'stop child abuse' by joining the cause. It took the hackers 18 days to recruit enough people, then a core group of roughly a dozen skilled hackers spent three days poking around the church's World Youth Day site looking for common security holes that could let them inside. In this case, the scanning software failed to turn up any gaps so the hackers turned to a brute-force approach of a distributed denial-of-service, On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day but did not crash the site. 'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×
daria42 writes "Progress is happening rapidly in Australia, with the country's government continuing to roll out a nation-wide fibre network. However, the country's major telco Telstra doesn't appear to have quite gotten the message. Releasing its first National Broadband Network fibre broadband plans today, the telco stipulated that fibre customers will still be forced to make phone calls over the telco's existing copper network. Yup, that's right — fibre to people's houses, but phone calls over the copper network. Progress."
owenferguson writes "WikiLeaks has begun leaking a cache of over 5 million internal emails from the the Texas-headquartered 'global intelligence' company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the U.S. Department of Homeland Security, the U.S. Marines and the U.S. Defense Intelligence Agency. The associated news release can be found on pastebin."
New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."
An anonymous reader writes with word of the release earlier this week, after eight months of development, of DragonFly BSD 3.0. The release includes improved scalability through finer-grained locking, improvements to the HAMMER file system in low-memory configurations, and a TrueCrypt-compatible disk encryption system. DragonFly is an installable system, but it can also be run live from CD, DVD, or USB key.
wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing might be a sign of larger issues."
An anonymous reader writes "Communications of the ACM is carrying two articles promoting the Capsicum security model developed by Robert Watson (FreeBSD — Cambridge) and Ben Laurie (Apache/OpenSSL, ChromeOS — Google) for thin-client operating systems such as ChromeOS. They demonstrate how Chrome web browser sandboxing using Capsicum is not only stronger, but also requires only 100 lines of code, vs 22,000 lines of code on Windows! FreeBSD 9.0 shipped with experimental Capsicum support, OpenBSD has patches, and Google has developed a Linux prototype." While the ACM's stories are both paywalled, the Capsicum project itself has quite a bit of information online in the form of various papers and a video, as well as links to (BSD-licensed) code and to various subprojects.
MojoKid writes "Fraunhofer IIS has chosen Mobile World Congress as the place to present the world's first Full-HD Voice mobile phone calls over an LTE network. Verizon Wireless has toyed with VoLTE (Voice over LTE) before, but this particular method enables mobile phone calls to sound as clear as talking to another person in the same room. Full-HD Voice is already established in several VoIP, video telephony and conferencing systems. However, this will mark the first time Fraunhofer's Full-HD Voice codec AAC-ELD has been integrated into a mobile communications system. Currently, the majority of phone calls are limited to the 3.5 kHz range, whereas humans are able to perceive audio signals up to 20 kHz. The Full-HD Voice codec AAC-ELD gives access to the full audible audio spectrum."
itwbennett writes "Conventional wisdom holds that more connections make networks more resilient, but a team of mathematicians at UC Davis have found that that is only true up to a point. The team built a model to determine the ideal number of cross-network connections. 'There are some benefits to opening connections to another network. When your network is under stress, the neighboring network can help you out. But in some cases, the neighboring network can be volatile and make your problems worse. There is a trade-off,' said researcher Charles Brummit. 'We are trying to measure this trade-off and find what amount of interdependence among different networks would minimize the risk of large, spreading failures.' Brummitt's team published its work (PDF) in the Proceedings of The National Academies of Science."
c0mpliant writes "Researchers at Symantec have identified a new variant of the ZeuS botnet which no longer requires a Command and Control server. The new variant uses a P2P system, which means that each bot acts like a C&C server, but none of them really are. The effect of which is that takedowns of such a network will be extremely difficult because there is no one central source to attack."
chicksdaddy writes "Tech-enabled filtering and blocking of Web sites and Internet addresses that are deemed hostile to repressive regimes has been a major political and human rights issue in the last year, as popular protests in Egypt, Tunisia, Libya and Syria erupted. Now it looks as if Pakistan's government is looking for a way to strengthen its hand against online content it considers undesirable. According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP reads (PDF). It would be 'centrally managed by a small and efficient team stationed at POPs of backbone providers,' and must be capable of supporting 100Gbps interfaces and filtering Web traffic against a block list of up to 50 million URLs without latency of more than 1 millisecond."
nonprofiteer writes "A profile of Facebook's CSO reveals that his 70-person security team includes 25 people dedicated solely to handling information requests from law enforcement. They get thousands of calls and e-mails from authorities each week, though Facebook requires police to get a warrant for anything beyond a subscriber's name, email and IP address. CSO Joe Sullivan says that some government agency tried to push Facebook to start collecting more information about their users for the benefit of authorities: 'Recently a government agency wanted us to start logging information we don't log. We told them we wouldn't start logging that piece of data because we don't need it to provide a good product. We talked to our general counsel. The law is not black-and-white. That agency thinks they can compel us to. We told them to go to court. They haven't done that yet.'"
An anonymous reader writes "The U.S. 11th Circuit Court of Appeals has found that forcing a suspect to decrypt his hard drive when the government did not already know what it contained would violate his 5th Amendment rights. According to Orin Kerr of the Volohk Conspiracy, 'the court's analysis (PDF) isn't inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.'"
judgecorp writes "Nordic nations are all pitching for business from data centre owners, based on their countries' excellent network provision, plentiful electricity from renewable sources, and a climate where servers can be kept cool cheaply, using the ambient air temperature, with no need for chillers. A Swedish delegation is visiting California to lure other players to follow Facebook into Sweden. Meanwhile, Iceland now has a new multi-tenant data centre to join the existing Thor site, and Denmark has a container-park data centre for its financial industry."
Barence writes "PC Pro's Davey Winder has revealed how pre-school children are being targeted by data thieves. Security vendors have uncovered a bunch of Flash-based games, colorful and attractive to young kids, which came complete with a remote access trojan. The trojan is usually installed behind a button to download more free games, but BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the color of the virtual animal was enough to trigger redirection to an infected site."