Security

Ask Slashdot: Using Company Laptop For Personal Use 671

Posted by samzenpus
from the in-the-privacy-of-your-own-home dept.
An anonymous reader writes "I'm starting a new job soon, and I will be issued a work laptop. For obvious reasons I cannot name any names, but I can state that I do expect my employer to have tracking software on the laptop, and I expect to not be the administrator on the device. That being said, I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game. I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it. I can use portable apps off a usb key and browse in private mode. The machine will be encrypted, but I can also make myself my own little encrypted folder or partition perhaps. Are there any other precautions I could or should take?"
Encryption

Anonymous, Decentralized and Uncensored File-Sharing Is Booming 308

Posted by Soulskill
from the can't-stop-the-signal dept.
PatPending writes with this excerpt from TorrentFreak: "The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."
Botnet

Anonymous Supporters Tricked Into Installing Trojan 184

Posted by Soulskill
from the if-you-can't-beat-'em-subsume-'em dept.
dsinc sends this quote from a Symantec report: "In 2011, dozens of Anonymous members who participated in distributed denial-of-service (DDoS) attacks in support of Anonymous hacktivism causes were arrested. In these DDoS attacks, supporters using the Low Orbit Ion Cannon denial-of-service (DoS) tool would voluntarily include their computer in a botnet for attacks in support of Anonymous. In the wake of Anonymous member arrests this week, it is worth highlighting how Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks. The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users' online banking credentials, webmail credentials, and cookies. The deception of Anonymous supporters began on January 20, 2012, the day of the FBI Megaupload raid."
Transportation

Car Hacking Concerns On the Rise 95

Posted by Soulskill
from the except-among-car-manufacturers dept.
Pat Attack writes "I think most of the people who read Slashdot know that if it has circuitry, it can be hacked. Well, the good folks over at CNN have an article about the potential for your car to be hacked. This article lists the potential damage that could be done, proof of concept work, as well as a few scary scenarios. 'With vehicles taking up to three years to develop, [security strategist Brian Contos] says manufacturers will struggle to keep abreast of rapidly-evolving threats unless they organize regular software updates. Instead, he says, any installed technology should be given a so-called "white list" of permissible activities beyond which any procedures are blocked.' My mom reads CNN and is a Luddite. I expect to hear from her today. She'll probably tell me my new car with bluetooth is unsafe."
Privacy

Startup Wants To Peek Through Your Home's Wired Cameras 186

Posted by Soulskill
from the nope-nope-nope dept.
alphadogg writes "The little cameras in your home are multiplying. There are the ones you bought, perhaps your SLR or digital camera, but also those that just kind of show up in your current phone, your old phone, your laptop, your game console, and soon your TV and set-top box. Varun Arora, founder of startup GotoCamera in Singapore, wants you to turn them all on and let his company's algorithms analyze what they show, then sell the results as marketing data, in a sort of visual version of what Google and other firms do with search results and free email services."
Government

Voting System Test Hack Elects Futurama's Bender To School Board 210

Posted by Soulskill
from the bite-my-shiny-metal-ballot dept.
mr crypto writes with this quote from El Reg: "In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election. 'It was too good an opportunity to pass up,' explained Professor Alex Halderman from the University of Michigan. 'How often do you get the chance to hack a government network without the possibility of going to jail?' With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory (PDF) on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. ... The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board."
Electronic Frontier Foundation

Why is the EFF at the RSA Security Conference? (Video) 34

Posted by Roblimo
from the all-hail-the-mighty-Electronic-Frontier-Foundation dept.
Timothy asked Electronic Frontier Foundation (EFF) International Outreach Coordinator Maira Sutton that very question. Watch the video for her answer. It turns out that the EFF has lots of friends among RSA ("the most comprehensive forum in information security") attendees, and has some very good reasons to be there, in the midst of companies and government agencies that Timothy thinks might not only violate your privacy once in a while, but (gasp!) might even enjoy it.
Android

NSA Publishes Blueprint For Top Secret Android Phone 172

Posted by samzenpus
from the you-keep-using-that-word-I-do-not-think-it-means-what-you-think-it-means dept.
mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints (PDF) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."
China

US, China Face Mutually Assured Destruction In Cyberwar 110

Posted by Unknown Lamer
from the bad-movie-plot dept.
chicksdaddy writes with a tidbit from the RSA conference. From the article: "A panel of security and policy experts speaking at the RSA Conference in San Francisco on Wednesday said that, despite dire warnings about the information warfare capabilities of China and other developing nations, the risk of an all-out cyberwar is remote, and that the U.S. still holds many of the cards. Rather than trying to deliver a knock-out cyberwar capability, the U.S. should embrace the Cold War notions of containment and mutually assured destruction with advanced nations like China and Russia. Tried and true methods to win security from cyberattacks include international diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyberactions and — of course — a strong offensive capability."
ISS

Stolen NASA Laptop Had Space Station Control Code 79

Posted by Soulskill
from the a-bit-more-serious-than-an-iphone-prototype dept.
astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"
Bug

Azure Failure Was a Leap Year Glitch 247

Posted by timothy
from the azure-wish-they'd-looked-at-a-calendar dept.
judgecorp writes "Microsoft's Windows Azure cloud service was down much of yesterday, and the cause was a leap year bug as the service failed to handle the 29th day of February. Faults propagated making this a severe outage for many customers, including the UK Government's recently launched G-cloud service."
Security

Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video) 74

Posted by Roblimo
from the monitor-your-people-without-them-ever-finding-out dept.
Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.
Google

Google Privacy Policy Could Violate EU Law 135

Posted by samzenpus
from the do-not-want dept.
judgecorp writes "Google's new unified privacy policy could violate EU law, according to objections. The French data regulator warns that the policy will infringe users' privacy by building a single online profile. Commission Nationale de L’informatique et Des Libertes (CNIL) has expressed “deep concerns” about the policy and its adherence to the European Data Protection Directive."
Government

Wikileaks and Anonymous Join Forces Against US Intelligence Community 268

Posted by samzenpus
from the when-our-powers-combine dept.
pigrabbitbear writes "The most recent bombshell of confidential documents dropped by infamous watchdog organization Wikileaks is already looking to have an enormous impact on our understanding of government security practices. Specifically, intimate details on the long-suspected fact that the U.S. has been paying a whole lot of money to have private corporations spy on citizens, activists and other groups and individuals on their ever-expanding, McCarthy-style naughty list. But perhaps more importantly, the docs demonstrate something very interesting about the nature of U.S. government intelligence: They haven't really got much of it."
Privacy

EFF's HTTPS Everywhere Detects and Warns About Cryptographic Vulnerabilities 46

Posted by samzenpus
from the protect-ya-neck dept.
Peter Eckersley writes "EFF has released version 2 of the HTTPS Everywhere browser extension for Firefox, and a beta version for Chrome. The Firefox release has a major new feature called the Decentralized SSL Observatory. This optional setting submits anonymous copies of the HTTPS certificates that your browser sees to their Observatory database allowing them to detect attacks against the web's cryptographic infrastructure. It also allows us to send real-time warnings to users who are affected by cryptographic vulnerabilities or man-in-the-middle attacks. At the moment, the Observatory will send warnings if you connect to a device that has a weak private key due to recently discovered random number generator bugs."
