Communications

In Brazil, Trees To Call For Help If Illegally Felled 130

Posted by timothy
from the do-you-read-me-over dept.
Damien1972 writes "The Brazilian government has begun fixing trees in the Amazon rainforest with a wireless device, known as Invisible Tracck, which will allow trees to contact authorities once they are felled and moved. Here's how it works: Brazilian authorities fix the Invisible Tracck onto a tree. An illegal logger cuts down the tree and puts it onto a truck for removal, unaware that they are carrying a tracking device. Once Invisible Tracck comes within 20 miles (32 kilometers) of a cellular network it will 'wake up' and alert authorities."
Security

Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland 171

Posted by timothy
from the in-iceland-they-get-massages dept.
An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, but also grants access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland."
Government

GAO Finds US Military's Critical Technologies List Outdated, Useless 71

Posted by timothy
from the things-belonging-to-the-emperor dept.
chicksdaddy writes "The U.S. Department of Defense has stopped updating its main reference list of vital defense technologies that are banned from export, according to a new report from the Government Accountability Office (GAO), The Security Ledger reports. The Militarily Critical Technologies List (MCTL) is used to identify technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology. GAO warned six years ago that the Departments of State and Commerce, which are supposed to use the list, found it too broad and outdated to be of much use. The latest report (GAO 13-157) finds that the situation has worsened: budget cuts forced the DOD to largely stop updating and grooming the list in 2011. Sections on emerging technologies are outdated, while other sections haven't been updated since 1999. Without the list to rely on, the DOD has turned to a hodgepodge of other lists, while officials in the Departments of State and Commerce who are responsible for making decisions about whether to allow a particular technology to be exported have turned to ad-hoc networks of subject experts. Other agencies are looking into developing their own MCTL equivalents, potentially wasting government resources duplicating work that has already been done, GAO found."
Businesses

Ask Slashdot: Job Search Or More Education? 182

Posted by Soulskill
from the can't-it-be-both dept.
Matt Steelblade writes "I've been in love with computers since my early teens. I took out books from the library and just started messing around until I had learned QBasic, then Visual Basic 5, and how to take apart a computer. Fast forward 10 years. I'm a very recent college graduate with a BA in philosophy (because of seminary, which I recently left). I want to get into IT work, but am not sure where to start. I have about four years experience working at a grade/high school (about 350 computers) in which I did a lot of desktop maintenance and some work on their AD and website. At college (Loyola University Chicago) I tried to get my hands on whatever computer courses I could. I ended up taking a python course, a C# course, and data structures (with python). I received either perfect scores or higher in these courses. I feel comfortable in what I know about computers, and know all too well what I don't. I think my greatest strength is in troubleshooting. With that being said, do I need more schooling? If so, should I try for an associate degree (I have easy access to a Gateway technical college) or should I go for an undergraduate degree (I think my best bet there would be UW-Madison)? If not, should I try to get certified with CompTIA, or someone else? Or, would the best bet be to try to find a job or an internship?"
Windows

Hacker Bypasses Windows 7/8 Address Space Layout Randomization 208

Posted by Soulskill
from the just-a-matter-of-time dept.
hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space."
Google

Thousands of Publicly Accessible Printers Searchable On Google 192

Posted by Soulskill
from the message-in-a-bottle-on-the-digital-ocean dept.
Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
Security

10 Years After SQL Slammer 58

Posted by Soulskill
from the lesson-learned dept.
Trailrunner7 writes "Ten years ago today, on Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. This is the inside story of SQL Slammer, told by David Litchfield, the researcher who found the bug and wrote the exploit code that was later taken by Slammer's authors and used as part of the worm."
Encryption

Github Kills Search After Hundreds of Private Keys Exposed 176

Posted by Soulskill
from the take-care-what-you-make-public dept.
mask.of.sanity writes "Github has killed its search function to safeguard users who were caught out storing keys and passwords in public repositories. 'Users found that quite a large number of users had added private keys to their repositories and then pushed the files up to GitHub. Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Projects had live configuration files from cloud services such as Amazon Web Services and Azure with the encryption keys still included. Configuration and private key files are intended to be kept secret, since if they fall into the wrong hands, that person can impersonate the user (or at least, the user's machine) and easily connect to that remote machine.' Search links popped up throughout Twitter pointing to stored keys, including what were reportedly account credentials for the Google Chrome source code repository. The keys can still be found using search engines, so check your repos."
Businesses

Cisco Exits the Consumer Market, Sells Linksys To Belkin 284

Posted by samzenpus
from the circle-of-business-life dept.
Krystalo writes "Belkin on Thursday announced plans to acquire Cisco's Home Networking Business Unit, including its products, technology, employees, and even the well-known Linksys brand. Belkin says it plans to maintain the Linksys brand and will offer support for Linksys products as part of the transaction, financial details for which were not disclosed. This should be a relatively smooth transition that won't affect current customers: Belkin says it will honor all valid warranties for current and future Linksys products. After the transaction closes, Belkin will account for approximately 30 percent of the U.S. retail home and small business networking market."
Microsoft

Privacy Advocates Demand Transparency From Skype 95

Posted by samzenpus
from the pay-no-attention-to-the-man-behind-the-curtain dept.
tsamsoniw writes "Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally get around to being clear and transparent as to who has access to Skype user data and how that data is secured. 'Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place,' reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation."
Crime

UK Anonymous Hacktivists Get Jail Time 96

Posted by timothy
from the sadly-taking-up-room-for-spammers dept.
twoheadedboy writes "Two members of the Anonymous hacking collective have been handed a total of 25 months in prison. Christopher Weatherhead, a 22-year-old who went under the pseudonym Nerdo, received the most severe punishment — 18 months in prison. Another member, Ashley Rhodes, was handed seven months, whilst Peter Gibson was given a six-month suspended sentence. They were convicted for hitting a variety of websites, including those belonging to PayPal and MasterCard."
Networking

Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates 88

Posted by timothy
from the unless-you-like-them-that-way dept.
Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admin passwords, or even shut down the device. The backdoor accounts are present in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.
Businesses

Sony Fined In UK For PlayStation Network Hack 86

Posted by timothy
from the that's-barely-a-bonus-for-ceos dept.
Sockatume writes "The UK's information protection authority, the ICO, has fined Sony for failing to adequately secure the information of PlayStation Network users. The investigation was triggered by a 2011 security breach, during which personally identifying information (including password hashes) was recovered from a Sony database where it had been stored without encryption. In the ICO's view Sony's security measures were inadequate, and the attack could have been prevented. The £250,000 (ca. $400,000) fine, the largest the ICO has ever imposed, is equivalent to a few pennies per affected user. Sony disagrees with the ICO's decision and intends to appeal."
Education

CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era" 248

Posted by samzenpus
from the getting-up-to-speed dept.
An anonymous reader writes "The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20-year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."