Forgot your password?
typodupeerror

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

China

Wall Street Journal Hit By Chinese Hackers, Too 92

Posted by samzenpus
from the join-the-party dept.
wiredmikey writes "The Wall Street Journal said Thursday its computers were hit by Chinese hackers, the latest U.S. media organization citing an effort to spy on its journalists covering China. The Journal made the announcement a day after The New York Times said hackers, possibly connected to China's military, had infiltrated its computers in response to its expose of the vast wealth amassed by a top leader's family. The Journal said in a news article that the attacks were 'for the apparent purpose of monitoring the newspaper's China coverage' and suggest that Chinese spying on U.S. media 'has become a widespread phenomenon.'"
Businesses

Amazon.com Suffers Outage: Nearly $5M Down the Drain? 173

Posted by timothy
from the what-is-the-richter-scale-for-net-outages? dept.
First time accepted submitter Brandon Butler writes "Amazon.com, the multi-billion online retail website, experienced an outage of unknown proportions on Thursday afternoon. Rumblings of an Amazon.com outage began popping up on Twitter at about 2:40 PM ET. Multiple attempts to access the site around 3:15 PM ET on Thursday were met with the message: 'Http/1.1 Service Unavailable.' By 3:30 PM ET the site appeared to be back online for at least some users. How big of a deal is an hour-long Amazon outage? Amazon.com's latest earnings report showed that the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour." Update: 01/31 22:25 GMT by T : "Hackers claim credit."
Security

Turning the Belkin WeMo Into a Deathtrap 146

Posted by timothy
from the they-keep-poltergeisting-me! dept.
Okian Warrior writes "As a followup to yesterday's article detailing 50 Million Potentially Vulnerable To UPnP Flaws, this video shows getting root access on a Belkin WeMo remote controlled wifi outlet. As the discussion notes, remotely turning someone's lamp on or off is not a big deal, but controlling a [dry] coffeepot or space heater might be dangerous. The attached discussion also points out that rapidly cycling something with a large inrush current (such as a motor) could damage the unit and possibly cause a fire." In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?
Communications

FTC Gets 744 New Ideas On How To Hang Up On Robocallers 281

Posted by timothy
from the I'd-prefer-starving-them-in-a-cage dept.
coondoggie writes "The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers. The FTC noted that the vast majority of telephone calls that deliver a prerecorded message trying to sell something to the recipient are illegal. The FTC regulates these calls under the Telemarketing Sales Rule and the Challenge was issued to developing technical or functional solutions and proofs of concepts that can block illegal robocalls which, despite the agency's best efforts, seem to be increasing."
Patents

Micron Lands Broad "Slide To Unlock" Patent 211

Posted by timothy
from the is-it-malice-blindness-or-incompetence dept.
Zordak writes "Micron has recently landed U.S. Patent 8,352,745, which claims priority back to a February 2000 application---well before Apple's 2004 slide-to-unlock application. While claim construction is a highly technical art, the claims here are (for once) almost as broad as they sound, and may cover the bulk of touch screen smart phones on the market today. Dennis Crouch's Patently-O has a discussion."
Communications

Ask Slashdot: Name Conflicts In Automatically Generated Email Addresses? 383

Posted by timothy
from the hash-of-full-name-plus-birthday dept.
New submitter matteocorti writes "I work at medium-sized university and we are considering reducing the number of domains used for email addresses (now around 350): the goal is to have all the 30K personal addresses in a single domain. This will increase the clashes for the local part of the address for people with the same first and last name (1.6%). We are considering several options: one of them is to use 'username@domain.tld' and the other is to use 'first.last@domain.tld.' The first case will avoid any conflict in the addresses (usernames are unique) but the second is fancier. Which approach does your organization use? How are name conflicts (homonyms) solved? Manually or automatically (e.g., by adding a number)?"
Blackberry

Yes, PlayBook Does Get BlackBerry 10 Update 90

Posted by timothy
from the seriously-how-is-blackberry-compelling-nowadays? dept.
judgecorp writes "Yesterday's BlackBerry 10 announcement did not mention the company's tablet, the Playbook, but users will be relieved to know it will get an update to BlackBerry 10. It's not a huge surprise, since BB10 is based on the PlayBook's QNX operating system, but PlayBook users may have been worried since the company did not even mention the struggling tablet in passing at the event." Hopefully the Playbook's camera is better than the one in the new BB10-based Z10 phone, the low-light performance of which Gizmodo describes as "four-years-ago crap."
The Internet

Time Warner Boosts Broadband Customer Speed — But Only Near Google Fiber 203

Posted by timothy
from the just-a-coincidence dept.
An anonymous reader writes " Rob is a Time Warner Cable customer, and he's received two really interesting things from them lately. First, a 50% speed boost: they claim to have upgraded the speed of his home Internet connection. That's neat. Oh, and they've also cut his bill, from $45 to $30. Wow! What has prompted this amazing treatment? Years of loyalty and on-time payments? No, not exactly. Rob lives in Kansas City, pilot site for Google Fiber. Even though they have shut off people in other states for using too much bandwidth. Is Google making them show that it's not that hard to provide good service and bandwidth?"
Android

"Bill Shocker" Malware Controls 620,000 Android Phones In China 138

Posted by timothy
from the it's-ok-they're-calling-the-premier dept.
Orome1 writes "A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."
China

Chinese Hack New York Times 116

Posted by samzenpus
from the protect-ya-neck dept.
Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'" Update: 01/31 15:00 GMT by T : The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.
Security

DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS 22

Posted by Soulskill
from the also-juliennes-fries dept.
An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."
Education

Microsoft Wants Computer Science Taught In UK Primary Schools 168

Posted by Soulskill
from the reading,-'riting,-and-'rogramming dept.
Qedward writes "As the UK prepares to shake up the way computer science is taught in schools, Redmond is warning that the UK risks falling behind other countries in the race to develop and nurture computing talent, if 'we don't ensure that all children learn about computer science in primary schools.' With 100,000 unfilled IT jobs but only 30,500 computer science graduates in the UK last year, MS believes: 'By formally introducing children to computer science basics at primary school, we stand a far greater chance of increasing the numbers taking the subject through to degree level and ultimately the world of work.'"
Crime

Hacker Faces 105 Years In Prison After Blackmailing 350+ Women 473

Posted by Soulskill
from the see-you-after-the-singularity dept.
redletterdave writes "According to the 30-count indictment released by the Central District of California, 27-year-old hacker Karen 'Gary' Kazaryan allegedly hacked his way into hundreds of online accounts, using personal information and nude or semi-nude photos of his victims to coerce more than 350 female victims to show him their naked bodies, usually over Skype. By posing as a friend, Kazaryan allegedly tricked these women into stripping for him on camera, capturing more than 3,000 images of these women to blackmail them. Kazaryan was arrested by federal agents on Tuesday; if convicted on all 30 counts, including 15 counts of computer intrusion and 15 counts of aggravated identity theft, Kazaryan could face up to 105 years in federal prison."
Bug

Linux: Booting Via UEFI Can Brick Samsung Notebooks 232

Posted by Unknown Lamer
from the like-openfirmware-only-it-sucks dept.
wehe writes "Heise News reports today some Samsung notebooks can be turned into a brick if booted just one time via UEFI into Linux. Even the firmware does not boot anymore. Some reports in the Ubuntu bug tracker system report that such notebooks can not be recovered without replacing the main board. Other Linux distributions may be affected as well. Kernel developers are discussing a change in the Samsung-laptop driver." It appears even Samsung is having trouble tracking down the problem (from the article): "According to Canonical's Steve Langasek, Samsung developers have been attempting to develop a firmware update to prevent the problem for several weeks. Langasek is advising users to start Ubuntu installation on Samsung notebooks from an up-to-date daily image, in which the Ubuntu development team has taken precautions to prevent the problem from arising. It is, however, not completely clear that these measures are sufficient."
Security

50 Million Potentially Vulnerable To UPnP Flaws 138

Posted by Soulskill
from the much-lower-than-expected dept.
Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...